13 matches found
CVE-2024-29774
CVE-2024-29774 is a Reflected XSS in WP Directory Kit (WPDirectoryKit) due to Improper Neutralization of Input During Web Page Generation. Affected: WPDirectoryKit versions through 1.2.9. Root cause, impact, and remediation details are present in connected sources (Red Hat and ENISA entr...
CVE-2024-3217
CVE-2024-3217 affects WP Directory Kit for WordPress; the vulnerability is an SQL Injection via attribute_id and attribute_value in all versions up to 1.3.0 caused by insufficient escaping and query preparation. This allows an authenticated attacker with subscriber-level access or higher to injec...
CVE-2024-37487
CVE-2024-37487 affects WP Directory Kit (WordPress plugin) with a reflected XSS due to improper input neutralization during web page generation. Affected: WP Directory Kit ≤ 1.3.5. CVSS data from sources in the connected docs show Network attack vector, Low confidentiality/integrity impact, user ...
CVE-2023-41875
CVE-2023-41875 describes a Missing Authorization vulnerability in the WordPress plugin WP Directory Kit (versions
CVE-2024-37253
CVE-2024-37253 describes an HTML injection vulnerability in the WordPress plugin WP Directory Kit (affected: versions <= 1.3.6) due to improper neutralization of output in a downstream element. The CVE is documented across multiple feeds (NVD/Red Hat/CVE list) with the Wordfence vulnerability ...
CVE-2023-2280
CVE-2023-2280 affects the WordPress plugin WP Directory Kit. The issue is a missing capability check in the ajax_public function, enabling unauthenticated attackers to perform data-altering actions: delete or modify plugin settings, import demo data, delete related posts/terms, and install arbitr...
CVE-2023-2277
CVE-2023-2277 affects the WP Directory Kit WordPress plugin (versions up to 1.1.9). It is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing/incorrect nonce validation on the insert function. This allows unauthenticated attackers to alter plugin settings and inject mali...
CVE-2023-2278
CVE-2023-2278: The WordPress plugin WP Directory Kit is vulnerable to a Local File Inclusion (LFI) via the function wdk_public_action in versions up to and including 1.1.9. This unauthenticated flaw allows attackers to include and execute arbitrary PHP files on the server, potentially bypassing a...
CVE-2023-2835
WP Directory Kit for WordPress is affected by a Reflected XSS in the search parameter up to version 1.2.3 due to insufficient input sanitization/escaping. Exploitation requires user interaction (e.g., clicking a link). Patch 1.2.4 fixes this issue; update to 1.2.4+ or apply mitigations as describ...
CVE-2023-31229
CVE-2023-31229: Open Redirection in WordPress WP Directory Kit (
CVE-2023-2351
CVE-2023-2351 concerns WP Directory Kit for WordPress, which is vulnerable up to 1.2.3 due to missing authorization checks in wdk_admin_action, enabling authenticated users with subscriber-level privileges or higher to modify data, alter plugin settings, import demo data, delete Directory Kit con...
CVE-2023-2279
CVE-2023-2279 pertains to the WP Directory Kit WordPress plugin. It is a CSRF vulnerability in versions up to 1.2.1 due to missing/incorrect nonce validation in the admin_page_display function, enabling unauthenticated attackers to delete or modify plugin settings, import demo dat...
CVE-2025-13390
CVE-2025-13390 affects the WordPress plugin WP Directory Kit, versions up to 1.4.4. The flaw is an authentication bypass caused by weak token generation in the wdk_generate_auto_login_link function, making tokens predictable and allowing unauthenticated attackers to gain administrative access a...