Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.
This issue affects WP Directory Kit: from n/a through 1.5.1.
AnalysisAI
Blind SQL injection in the WP Directory Kit WordPress plugin (versions up to and including 1.5.1) allows remote unauthenticated attackers to inject crafted SQL fragments into backend queries, enabling extraction of database contents and limited tampering with site availability. The CVSS 9.3 score reflects network-reachable exploitation with no privileges or user interaction and a scope change into the WordPress database context; no public exploit identified at time of analysis, though Patchstack has cataloged the flaw.
Technical ContextAI
WP Directory Kit is a WordPress plugin (CPE cpe:2.3:a:wp_directory_kit:wp_directory_kit) used to build directory listings inside WordPress sites. The root cause is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), meaning user-controllable input is concatenated into a SQL query without parameterized binding or proper escaping via wpdb->prepare(). Because the variant is blind SQL injection, the vulnerable endpoint does not echo query results directly; attackers infer data through boolean/time-based side channels against the underlying MySQL/MariaDB database that backs WordPress.
RemediationAI
Patch available per vendor advisory: upgrade WP Directory Kit beyond 1.5.1 to the fixed release listed in the Patchstack entry at https://patchstack.com/database/wordpress/plugin/wpdirectorykit/vulnerability/wordpress-wp-directory-kit-plugin-1-5-1-sql-injection-vulnerability; the exact patched version number is not stated in the input data, so confirm against the advisory before deploying. If immediate upgrade is not possible, deactivate the WP Directory Kit plugin until patched (trade-off: directory listing pages will return 404 or blank), or front the site with a WAF such as Patchstack, Wordfence, or Cloudflare with SQLi rules tuned for the plugin's request paths (trade-off: rule bypasses are common against blind SQLi and false positives may break legitimate directory search/filter parameters). Additionally, restrict database user privileges so the WordPress DB account cannot read tables outside the WordPress schema, reducing data exposure from any future SQLi.
More in Wp Directory Kit
View allThe WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' pa
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a m
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,
Blind SQL injection in the WP Directory Kit WordPress plugin (versions up to and including 1.5.0) allows remote unauthen
Unauthenticated broken access control in the WP Directory Kit WordPress plugin (versions ≤ 1.5.0) allows remote attacker
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a m
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpdirectory
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33691
GHSA-6w2j-fvqj-5fjx