Lucene search
K

179 matches found

EUVD
EUVD
added 2025/12/13 6:30 p.m.5 views

EUVD-2025-203184

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hidefields' and the 'attrsearch' parameter in all versions up to, and including, 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6.3AI score0.00312EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/13 3:20 a.m.29 views

CVE-2025-13089 WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hidefields' and the 'attrsearch' parameter in all versions up to, and including, 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00312EPSS
Exploits0References3
CVE
CVE
added 2025/12/13 3:20 a.m.18 views

CVE-2025-13089

CVE-2025-13089 (WP Directory Kit) : WordPress plugin is vulnerable to unauthenticated SQL Injection via parameters hide_fields and attr_search in all versions up to 1.4.7 due to insufficient escaping and lack of prepared statements. Exploitation could allow an attacker to append SQL to existing q...

7.5CVSS6.4AI score0.00312EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/13 3:20 a.m.3 views

CVE-2025-13089 WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hidefields' and the 'attrsearch' parameter in all versions up to, and including, 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6.4AI score0.00312EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.15 views

WordPress plugin WP Directory Kit SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...

7.5CVSS7.5AI score0.00312EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.6 views

PT-2025-51043

Name of the Vulnerable Software and Affected Versions WP Directory Kit versions prior to 1.4.8 Description The WP Directory Kit plugin for WordPress is susceptible to SQL Injection through the hide fields and attr search parameter. Insufficient input sanitization and inadequate SQL query...

7.5CVSS7.2AI score0.00312EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/12/04 3:36 p.m.10 views

CVE-2025-13390

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdkgenerateautologinlink" function. This is due to the feature using a cryptographically weak token...

10CVSS6.5AI score0.0472EPSS
Exploits3References1
NVD
NVD
added 2025/12/03 2:15 p.m.14 views

CVE-2025-13390

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdkgenerateautologinlink" function. This is due to the feature using a cryptographically weak token...

10CVSS0.0472EPSS
Exploits3References4
EUVD
EUVD
added 2025/12/03 1:52 p.m.11 views

EUVD-2025-200972

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdkgenerateautologinlink" function. This is due to the feature using a cryptographically weak token...

10CVSS6AI score0.0472EPSS
Exploits3References6
CVE
CVE
added 2025/12/03 1:52 p.m.38 views

CVE-2025-13390

CVE-2025-13390 affects the WordPress plugin WP Directory Kit, versions up to 1.4.4. The flaw is an authentication bypass caused by a weak token generation in the wdk_generate_auto_login_link function, making tokens predictable and allowing unauthenticated attackers to gain administrative access a...

10CVSS6.1AI score0.0472EPSS
In wildExploits3References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/03 11:59 a.m.7 views

CVE-2025-13090

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS6.5AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.12 views

WordPress plugin WP Directory Kit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

10CVSS7.6AI score0.0472EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.10 views

PT-2025-48809

Name of the Vulnerable Software and Affected Versions WP Directory Kit versions prior to 1.4.5 Description The WP Directory Kit plugin for WordPress has a flaw in its authentication process. Specifically, versions up to and including 1.4.4 are susceptible to authentication bypass due to a weak...

10CVSS6.7AI score0.0472EPSS
Exploits3References15
VulnCheck KEV
VulnCheck KEV
added 2025/12/03 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-13390

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdkgenerateautologinlink" function. This is due to the feature using a cryptographically weak token...

10CVSS5.6AI score0.0472EPSS
In wildExploits3References2
NVD
NVD
added 2025/12/02 12:16 p.m.11 views

CVE-2025-13090

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00268EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/02 11:20 a.m.17 views

CVE-2025-13090 WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00268EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/02 11:20 a.m.4 views

EUVD-2025-200224

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS6.1AI score0.00268EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/02 11:20 a.m.4 views

CVE-2025-13090 WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS6.2AI score0.00268EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.3 views

PT-2025-48665

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS6.5AI score0.00268EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.10 views

WordPress plugin WP Directory Kit SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...

4.9CVSS7.5AI score0.00268EPSS
Exploits0References3
Rows per page
Query Builder