PT-2026-42477
Name of the Vulnerable Software and Affected Versions: WP Directory Kit versions prior to 1.5.1. Description: WP Directory Kit contains a Blind SQL Injection flaw, which occurs when special elements used in an SQL command are not properly neutralized. This allows an unauthenticated attacker to execu...
CVE-2026-27396 WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Directory Pro: from n/a through <= 2.5.6...
WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Directory Pro versions <= 2.5.6...
WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-13920 WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user...
PT-2026-4274
Name of the Vulnerable Software and Affected Versions: WordPress Toolkit versions prior to 6.9.1. Description: A flaw exists in WordPress directory names within WebPros WordPress Toolkit that can lead to privilege escalation. The issue involves manipulation of directory names. Recommendations: Update...
CVE-2025-66428
Summary: CVE-2025-66428 affects WebPros WordPress Toolkit prior to 6.9.1. The flaw arises from manipulation of WordPress directory names, enabling privilege escalation. The reported impact is high (CVSS v3.1: 8.8; network attack, low complexity, user interaction none; privileges required low). Re...
CVE-2016-10965
The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion...
PT-2025-48665
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-48238
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order by' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2025-13138
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-52748
CVE-2025-52748 concerns the WordPress Directory Pro plugin (directory-pro) up to version 2.5.5. Affected component: directory-pro within Directory Pro. Root cause: improper handling/neutralization of user input during web page generation, enabling Reflected Cross-Site Scripting (XSS). Impact is d...
EUVD-2014-1161
Malware in sbrugna...
EUVD-2025-31281
Malicious code in bioql PyPI...
EUVD-2025-28732
Malicious code in bioql PyPI...
WordPress plugin WP Directory Kit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-57948
CVE-2025-57948 affects Directory Pro (WordPress plugin). It is described as an Authenticated Stored Cross-Site Scripting vulnerability in Directory Pro versions up to 2.5.5, caused by improper neutralization of input during web page generation. The connected materials indicate patch status is Unp...
WordPress Directory Pro plugin <= 2.5.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Directory Pro versions <= 2.5.5...
CVE-2024-13541
The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqsdeletelisting function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with...