WP Directory Kit
WPDirectoryKit
Developer
1.5.1
Latest version
3,000
Installations
No date
Last updated
Vulnerability history
0 present
18 patched
12 Mitigation rules
- Unauthenticated Email Exposure via wdk_public_action vulnerability<= 1.4.927/01/2026
- Unauthenticated SQL Injection vulnerability<= 1.4.716/12/2025
- Authentication Bypass to Privilege Escalation via Account Takeover vulnerability1.4.0-1.4.403/12/2025
- Authenticated (Admin+) SQL Injection vulnerability<= 1.4.601/12/2025
- Reflected Cross-Site Scripting via 'order_by' Parameter vulnerability<= 1.4.527/11/2025
- Unauthenticated SQL Injection via select_2_ajax() Function vulnerability<= 1.4.321/11/2025
- Broken Access Control vulnerability<= 1.4.026/09/2025
- Reflected Cross Site Scripting (XSS) vulnerability<= 1.3.504/07/2024
- HTML Injection vulnerability<= 1.3.626/06/2024
- Authenticated (Subscriber+) SQL Injection vulnerability<= 1.3.005/04/2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 1.2.925/03/2024
- Broken Access Control vulnerability<= 1.2.605/09/2023
- Unauthenticated Local File Inclusion vulnerability< 1.2.022/06/2023
- Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action vulnerability<= 1.2.313/06/2023
- Reflected Cross-Site Scripting via 'search' vulnerability<= 1.2.302/06/2023
- Multiple Cross-Site Request Forgery vulnerability<= 1.2.104/05/2023
- Multiple Missing Authorization vulnerability<= 1.2.204/05/2023
- Open Redirection vulnerability<= 1.1.927/04/2023