CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

Patchstack•added 2026/04/13 11:14 a.m.•3 views

WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Martín Martín in WordPress Plugin WP Directory Kit versions = 1.5.0...

6AI score0.00039EPSS

Exploits0Affected Software1

Positive Technologies•added 2026/01/24 12:0 a.m.•2 views

PT-2026-4615

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk public action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user...

5.3CVSS5.5AI score0.00976EPSS

Exploits0References3

Cvelist•added 2025/12/13 3:20 a.m.•18 views

CVE-2025-13089 WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hidefields' and the 'attrsearch' parameter in all versions up to, and including, 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS0.00098EPSS

Exploits0References3

CNNVD•added 2025/12/13 12:0 a.m.•2 views

WordPress plugin WP Directory Kit SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...

7.5CVSS7.5AI score0.00098EPSS

Exploits0References4

Patchstack•added 2025/12/01 11:30 p.m.•6 views

WordPress WP Directory Kit plugin <= 1.4.6 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin WP Directory Kit versions = 1.4.6...

4.9CVSS7.8AI score0.00025EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/11/27 10:47 a.m.•2 views

WordPress WP Directory Kit plugin <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter vulnerability

Reflected Cross-Site Scripting via 'orderby' Parameter vulnerability discovered by blue0x1 in WordPress Plugin WP Directory Kit versions = 1.4.5...

6.1CVSS6.3AI score0.00154EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/11/27 5:31 a.m.•7 views

CVE-2025-13525 WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'orderby' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS0.00154EPSS

Exploits0References5

Patchstack•added 2024/07/04 10:59 a.m.•0 views

WordPress WP Directory Kit plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin WP Directory Kit versions = 1.3.5...

7.1CVSS6.1AI score0.00275EPSS

Exploits0Affected Software1

CNNVD•added 2023/06/13 12:0 a.m.•1 views

WordPress Plugin WP Directory Kit 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

6.1CVSS5AI score0.00179EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by