Wp Directory Kit Security Vulnerabilities and Issues — Wp Directory Kit CVE List

Lucene search

WpdirectorykitWp Directory Kit

7 matches found

CVE•added 2023/06/09 6:16 a.m.•43 views

CVE-2023-2280

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin sett...

6.5CVSS5.1AI score0.00133EPSS

CVE•added 2023/06/13 2:15 a.m.•36 views

CVE-2023-2277

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inje...

6.1CVSS4.4AI score0.00156EPSS

CVE•added 2023/06/13 2:15 a.m.•33 views

CVE-2023-2278

The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those f...

9.8CVSS9.9AI score0.00405EPSS

CVE•added 2023/06/02 7:15 a.m.•31 views

CVE-2023-2835

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

6.1CVSS6.4AI score0.00677EPSS

CVE•added 2023/06/13 2:15 a.m.•28 views

CVE-2023-2351

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions ...

6.5CVSS5.2AI score0.00119EPSS

CVE•added 2023/12/29 10:15 a.m.•27 views

CVE-2023-31229

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9.

6.1CVSS5.4AI score0.00202EPSS

CVE•added 2023/08/31 6:15 a.m.•26 views

CVE-2023-2279

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unauthenticated attackers to delete or change plugin s...

5.4CVSS5.1AI score0.00065EPSS