This is a summary of the AI-generated 10-question deep analysis.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: WP Directory Kit ≤1.4.4 has a critical **Authentication Bypass**. The auto-login token uses a weak MD5 hash of only the first 10 chars of `user_id`.…
**Root Cause**: **CWE-303** (Improper Authentication). The flaw lies in the **cryptographically weak token generation**. It relies on a predictable MD5 prefix of the user ID instead of a secure, random session token.…
**Privileges**: Attackers gain **Administrator Access**. **Data**: Full read/write access to all site data, plugins, themes, and database.…
**Threshold**: **Extremely Low**. **Auth Required**: **None**. No login needed. **Config**: No special configuration required. The vulnerability is inherent in the code logic for `user_id=1` (default admin).…
**Self-Check**: 1. Check plugin version in WP Dashboard. 2. Scan for `WP Directory Kit` ≤1.4.4. 3. Use Nuclei or similar scanners with the CVE-2025-13390 template. 4.…
**Workaround**: If patching is delayed, **disable the plugin** entirely. **Block Access**: Restrict access to the plugin's auto-login endpoints via WAF or `.htaccess`.…
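
The root cause above is a token derived from the user ID rather than from a random secret. As an added example (not the plugin's code and not its actual fix), this PHP code issues and redeems an auto-login token the way the "secure, random session token" in that answer implies: random, stored hashed, expiring and single-use. The function names, the in-memory store and the 15-minute lifetime are assumptions made for illustration.

```php
<?php
// Added example: one-time auto-login tokens. All names are hypothetical.
// The store is an in-memory array for the demo; a real plugin would keep
// these records server-side (for example in its database).

const TOKEN_TTL = 900; // seconds a link stays valid (assumed value)

function issue_login_token(array &$store, int $user_id, int $now): string
{
    // 32 bytes from the CSPRNG: nothing in the token is derived from the user ID,
    // so knowing the ID (for example 1 for the default admin) reveals nothing.
    $token = bin2hex(random_bytes(32));
    // Keep only a hash, so a leaked table does not yield usable links.
    $store[hash('sha256', $token)] = [
        'user_id' => $user_id,
        'expires' => $now + TOKEN_TTL,
    ];
    return $token;
}

function redeem_login_token(array &$store, string $token, int $now): ?int
{
    // Lookup is by the token's hash, so the secret itself is never compared.
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;                 // unknown, guessed, or already used
    }
    $record = $store[$key];
    unset($store[$key]);             // single use, consumed even if expired
    if ($now > $record['expires']) {
        return null;                 // link older than TOKEN_TTL
    }
    return $record['user_id'];
}

// Constructed demo run.
$store = [];
$now   = time();

$token = issue_login_token($store, 1, $now);
var_dump(redeem_login_token($store, $token, $now));                 // first use
var_dump(redeem_login_token($store, $token, $now));                 // replay of the same link
var_dump(redeem_login_token($store, str_repeat('0', 64), $now));    // value that was never issued

$late = issue_login_token($store, 1, $now);
var_dump(redeem_login_token($store, $late, $now + TOKEN_TTL + 1));  // presented after expiry
```

Only the first call returns a user ID; the replayed, never-issued and expired tokens are all rejected with `null`.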