Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

WP Directory Kit — Vulnerabilities & Security Advisories 21

All 21 CVE vulnerabilities found in WP Directory Kit, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities affecting the WP Directory Kit product, categorized under common weakness enumerations and associated vendor tags for the WP Directory Kit. The content aggregates verified security issues, including critical flaws, medium-risk bugs, and information disclosures, covering incidents reported from early 2021 through mid-2024. Here you can track the specific advisory history of this vendor to understand the lifecycle of their security responses. Researchers and administrators can explore how specific weakness classes manifest within this particular plugin environment, providing context on how abstract vulnerability definitions translate into real-world exploitation scenarios. Additionally, users can look up the complete vulnerability history of the product to assess long-term maintenance quality and identify recurring patterns in code security. This resource serves as a centralized reference for understanding the risk profile associated with WP Directory Kit, allowing stakeholders to make informed decisions about deployment, patching, and mitigation strategies. By reviewing the chronological data and severity classifications, teams can better prioritize remediation efforts based on the age and impact of the discovered flaws. The aggregation ensures that all relevant details regarding these security gaps are accessible in one location, facilitating comprehensive audit trails and historical analysis for compliance and operational security purposes without requiring external searches or fragmented data sources.

Vendor: wpdirectorykit

CVE IDTitleCVSSSeverityPublished
CVE-2026-42672 WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection vulnerability CWE-89 9.3 Critical2026-06-01
CVE-2026-39531 WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability CWE-89 9.3 Critical2026-05-21
CVE-2025-13920 WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action CWE-200 5.3 Medium2026-01-24
CVE-2025-13089 WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection CWE-89 7.5 High2025-12-13
CVE-2025-13390 WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover CWE-303 10.0 Critical2025-12-03
CVE-2025-13090 WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection CWE-89 4.9 Medium2025-12-02
CVE-2025-13525 WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter CWE-79 6.1 Medium2025-11-27
CVE-2025-13138 WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function CWE-89 7.5 High2025-11-21
CVE-2025-60120 WordPress WP Directory Kit plugin <= 1.4.0 - Broken Access Control vulnerability CWE-862 5.3 Medium2025-09-26
CVE-2023-41875 WordPress WP Directory Kit plugin <= 1.2.6 - Broken Access Control vulnerability CWE-862 5.3 Medium2024-12-13
CVE-2024-37487 WordPress WP Directory Kit plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-07-21
CVE-2024-37253 WordPress WPDirectoryKit plugin <= 1.3.6 - HTML Injection vulnerability CWE-74 2.7 Low2024-07-09
CVE-2024-3217 WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection CWE-89 8.8 High2024-04-05
CVE-2024-29774 WordPress WP Directory Kit plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-03-27
CVE-2023-31229 WordPress WP Directory Kit Plugin <= 1.1.9 is vulnerable to Open Redirection CWE-601 4.7 Medium2023-12-29
CVE-2023-2279 WP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change/Delete, Demo Import, Directory Kit Modification/Deletion via admin_page_display CWE-352 5.4 Medium2023-08-31
CVE-2023-2277 WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem CWE-352 6.1 Medium2023-06-13
CVE-2023-2278 WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action CWE-22 9.8 Critical2023-06-13
CVE-2023-2351 WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action CWE-862 6.5 Medium2023-06-13
CVE-2023-2280 WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_action CWE-862 6.5 Medium2023-06-09
CVE-2023-2835 WP Directory Kit <= 1.2.3 - Reflected Cross-Site Scripting via 'search' CWE-79 6.1 Medium2023-06-02

All 21 known CVE vulnerabilities affecting WP Directory Kit with full Chinese analysis, references, and POCs where available.