Vulnerabilities in WPDirectoryKit
17 resultsCVE-2024-3217HIGHWP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL InjectionEPSS 1.9%CVE-2023-2278CRITICALWP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_actionEPSS 1.7%CVE-2025-13138HIGHWP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() FunctionEPSS 1.4%CVE-2023-2835MEDIUMWP Directory Kit <= 1.2.3 - Reflected Cross-Site Scripting via 'search'EPSS 0.7%CVE-2025-13920MEDIUMWP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_actionEPSS 0.7%CVE-2023-2351MEDIUMWP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_actionEPSS 0.6%CVE-2023-2280MEDIUMWP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_actionEPSS 0.6%CVE-2024-29774HIGHWordPress WP Directory Kit plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2023-2277MEDIUMWP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitemEPSS 0.3%CVE-2024-37253LOWWordPress WPDirectoryKit plugin <= 1.3.6 - HTML Injection vulnerabilityEPSS 0.3%CVE-2025-13089HIGHWP Directory Kit <= 1.4.7 - Unauthenticated SQL InjectionEPSS 0.3%CVE-2023-2279MEDIUMWP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change/Delete, Demo Import, Directory Kit Modification/Deletion via admin_page_displayEPSS 0.3%CVE-2025-60120MEDIUMWordPress WP Directory Kit plugin <= 1.4.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-13090MEDIUMWP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL InjectionEPSS 0.3%CVE-2025-13525MEDIUMWP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' ParameterEPSS 0.2%CVE-2025-14618MEDIUMSweet Energy Efficiency <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph DeletionEPSS 0.2%CVE-2025-58262HIGHWordPress Sweet Energy Efficiency plugin <= 1.0.8 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%