Browse all 17 CVE security advisories affecting WpDirectoryKit. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wpdirectorykit serves as a WordPress plugin for creating and managing directory listings, commonly used for business directories or member directories. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin's 17 recorded CVEs indicate a pattern of insufficient input validation and improper access controls. Notable security characteristics include its extensive attack surface due to directory listing functionality and frequent exposure to unauthenticated attacks. The high number of CVEs suggests ongoing security challenges, with vulnerabilities often allowing attackers to execute arbitrary code, manipulate database contents, or gain elevated privileges on affected WordPress installations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14618 | Sweet Energy Efficiency <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph Deletion — Sweet Energy EfficiencyCWE-862 | 4.3 | Medium | 2025-12-18 |
| CVE-2025-58262 | WordPress Sweet Energy Efficiency plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) vulnerability — Sweet Energy EfficiencyCWE-352 | 7.1 | High | 2025-09-22 |
This page lists every published CVE security advisory associated with WpDirectoryKit. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.