Wpdirectorykit Wp Directory Kit
15 CVEs affecting Wpdirectorykit Wp Directory Kit. Latest disclosed: 2026-01-24. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-2278 | Critical | 9.8 | 2023-06-13 | The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. T… |
CVE-2024-3217 | High | 8.8 | 2024-04-05 | The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' parameters in all versions up to, and inc… |
CVE-2025-13089 | High | 7.5 | 2025-12-13 | The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hide_fields' and the 'attr_search' parameter in all versions up to, and inclu… |
CVE-2025-13138 | High | 7.5 | 2025-11-21 | The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columns_search' parameter of the select_2_ajax() function in all versions up… |
CVE-2024-29774 | High | 7.1 | 2024-03-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS.This… |
CVE-2023-2351 | Medium | 6.5 | 2023-06-13 | The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_ad… |
CVE-2023-2280 | Medium | 6.5 | 2023-06-09 | The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_pu… |
CVE-2025-13525 | Medium | 6.1 | 2025-11-27 | The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order_by' parameter in all versions up to, and including, 1… |
CVE-2023-2277 | Medium | 6.1 | 2023-06-13 | The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorr… |
CVE-2023-2835 | Medium | 6.1 | 2023-06-02 | The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 du… |
CVE-2023-2279 | Medium | 5.4 | 2023-08-31 | The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorr… |
CVE-2025-13920 | Medium | 5.3 | 2026-01-24 | The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action… |
CVE-2025-60120 | Medium | 5.3 | 2025-09-26 | Missing Authorization vulnerability in WPDirectoryKit WP Directory Kit wpdirectorykit allows Exploiting Incorrectly Configured Access Control Security Levels.T… |
CVE-2025-13090 | Medium | 4.9 | 2025-12-02 | The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insuffic… |
CVE-2024-37253 | Low | 2.7 | 2024-07-09 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code… |