Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

EUVD
EUVDadded 2025/12/13 6:30 p.m.2 views

EUVD-2025-203184

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hidefields' and the 'attrsearch' parameter in all versions up to, and including, 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6.3AI score0.00312EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/12/13 3:20 a.m.2 views

CVE-2025-13089 WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hidefields' and the 'attrsearch' parameter in all versions up to, and including, 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6.4AI score0.00312EPSS
Exploits0References3
CVE
CVEadded 2025/12/13 3:20 a.m.15 views

CVE-2025-13089

CVE-2025-13089 (WP Directory Kit) : WordPress plugin is vulnerable to unauthenticated SQL Injection via parameters hide_fields and attr_search in all versions up to 1.4.7 due to insufficient escaping and lack of prepared statements. Exploitation could allow an attacker to append SQL to existing q...

7.5CVSS6.4AI score0.00312EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/12/13 12:0 a.m.5 views

PT-2025-51043

Name of the Vulnerable Software and Affected Versions WP Directory Kit versions prior to 1.4.8 Description The WP Directory Kit plugin for WordPress is susceptible to SQL Injection through the hide fields and attr search parameter. Insufficient input sanitization and inadequate SQL query...

7.5CVSS7.2AI score0.00312EPSS
Exploits0References8
CNNVD
CNNVDadded 2025/12/13 12:0 a.m.4 views

WordPress plugin WP Directory Kit SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...

7.5CVSS7.5AI score0.00312EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.6 views

EUVD-2025-31224

Malicious code in bioql PyPI...

6.5CVSS9.1AI score0.00903EPSS
Exploits0References3
OSV
OSVadded 2025/09/26 9:31 a.m.2 views

GHSA-Q475-2PGM-7HVP Apache Airflow: Connection sensitive details exposed to users with READ permissions

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...

8.7CVSS7.3AI score0.00903EPSS
Exploits0References5
Rows per page
Query Builder