WPDirectoryKit — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting WPDirectoryKit. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPDirectoryKit is a WordPress plugin for creating and managing directory listings, commonly used for business directories or member directories. Historically, it has been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation. The plugin's 17 recorded CVEs indicate a pattern of insufficient input validation and improper access controls. Notable security characteristics include an extensive attack surface due to its directory listing functionality and frequent exposure to unauthenticated attacks. The high number of CVEs suggests ongoing security challenges, with vulnerabilities often allowing attackers to execute arbitrary code, manipulate database contents, or gain elevated privileges on affected WordPress installations.

Found 15 results / 17

Top products by WPDirectoryKit: WP Directory Kit, Sweet Energy Efficiency

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-13920 | WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action | WP Directory Kit | CWE-200 | 5.3 | Medium | 2026-01-24 |
| CVE-2025-13089 | WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection | WP Directory Kit | CWE-89 | 7.5 | High | 2025-12-13 |
| CVE-2025-13090 | WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection | WP Directory Kit | CWE-89 | 4.9 | Medium | 2025-12-02 |
| CVE-2025-13525 | WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter | WP Directory Kit | CWE-79 | 6.1 | Medium | 2025-11-27 |
| CVE-2025-13138 | WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function | WP Directory Kit | CWE-89 | 7.5 | High | 2025-11-21 |
| CVE-2025-60120 | WordPress WP Directory Kit plugin <= 1.4.0 - Broken Access Control vulnerability | WP Directory Kit | CWE-862 | 5.3 | Medium | 2025-09-26 |
| CVE-2024-37253 | WordPress WPDirectoryKit plugin <= 1.3.6 - HTML Injection vulnerability | WP Directory Kit | CWE-74 | 2.7 | Low | 2024-07-09 |
| CVE-2024-3217 | WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection | WP Directory Kit | CWE-89 | 8.8 | High | 2024-04-05 |
| CVE-2024-29774 | WordPress WP Directory Kit plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability | WP Directory Kit | CWE-79 | 7.1 | High | 2024-03-27 |
| CVE-2023-2279 | WP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change/Delete, Demo Import, Directory Kit Modification/Deletion via admin_page_display | WP Directory Kit | CWE-352 | 5.4 | Medium | 2023-08-31 |
| CVE-2023-2278 | WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action | WP Directory Kit | CWE-22 | 9.8 | Critical | 2023-06-13 |
| CVE-2023-2277 | WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem | WP Directory Kit | CWE-352 | 6.1 | Medium | 2023-06-13 |
| CVE-2023-2351 | WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action | WP Directory Kit | CWE-862 | 6.5 | Medium | 2023-06-13 |
| CVE-2023-2280 | WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_action | WP Directory Kit | CWE-862 | 6.5 | Medium | 2023-06-09 |
| CVE-2023-2835 | WP Directory Kit <= 1.2.3 - Reflected Cross-Site Scripting via 'search' | WP Directory Kit | CWE-79 | 6.1 | Medium | 2023-06-02 |

This page lists every published CVE security advisory associated with WPDirectoryKit. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.