WP Directory Kit
wpdirectorykit
Developer
1.4.8
Latest version
3,000
Installations
1 day ago
Last updated
Vulnerability history
0 present
16 fixed
11 Mitigation rules
- Authentication Bypass to Privilege Escalation via Account Takeover vulnerability1.4.0-1.4.44 days ago
- Authenticated (Admin+) SQL Injection vulnerability<= 1.4.65 days ago
- Reflected Cross-Site Scripting via 'order_by' Parameter vulnerability<= 1.4.5Nov 27, 2025
- Unauthenticated SQL Injection via select_2_ajax() Function vulnerability<= 1.4.3Nov 21, 2025
- Broken Access Control vulnerability<= 1.4.0Sep 26, 2025
- Reflected Cross Site Scripting (XSS) vulnerability<= 1.3.5Jul 4, 2024
- HTML Injection vulnerability<= 1.3.6Jun 26, 2024
- Authenticated (Subscriber+) SQL Injection vulnerability<= 1.3.0Apr 5, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 1.2.9Mar 25, 2024
- Broken Access Control vulnerability<= 1.2.6Sep 5, 2023
- Unauthenticated Local File Inclusion vulnerability< 1.2.0Jun 22, 2023
- Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action vulnerability<= 1.2.3Jun 13, 2023
- Reflected Cross-Site Scripting via 'search' vulnerability<= 1.2.3Jun 2, 2023
- Multiple Cross-Site Request Forgery vulnerability<= 1.2.1May 4, 2023
- Multiple Missing Authorization vulnerability<= 1.2.2May 4, 2023
- Open Redirection vulnerability<= 1.1.9Apr 27, 2023