5 matches found
CVE-2025-13138
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-13138
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-13138 WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-13138 WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-13138
The WP Directory Kit WordPress plugin is affected by an unauthenticated SQL injection in all versions up to 1.4.3, via the columns_search parameter of the select_2_ajax() function. The flaw stems from insufficient escaping of the user input and inadequate preparation of the existing SQL query, en...