WP Directory Kit

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative access and achieve full site takeover via the auto-login endpoint with a predictable token.

AI Analysis

Authentication bypass vulnerability in WP Directory Kit plugin due to weak token generation, allowing unauthenticated attackers to gain administrative access.

Basic Information

ID CVE-2025-13390

Source Wordfence

Published Dec 3, 2025 at 13:52

Modified Dec 3, 2025 at 18:00

Affected Product

Vendor listingthemes

Product WP Directory Kit

Version 1.4.0

Affected Versions listingthemes WP Directory Kit 1.4.0

CWE Classification

CWE-303

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor listingthemes

Product WP Directory Kit

Version 1.4.4 and below

References

{
    "lastseen": "",
    "description": "The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the \"wdk_generate_auto_login_link\" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative access and achieve full site takeover via the auto-login endpoint with a predictable token.",
    "published": "2025-12-03T13:52:44.263Z",
    "modified": "2025-12-03T18:00:30.049Z",
    "type": "cve",
    "title": "WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6598d171-e68c-4d2f-9cd1-f1574fa90433?source=cve\nhttps://plugins.trac.wordpress.org/changeset/3400599/wpdirectorykit/\nhttps://github.com/d0n601/CVE-2025-13390\nhttps://ryankozak.com/posts/cve-2025-13390/",
    "id": "CVE-2025-13390",
    "bulletinFamily": "",
    "cwe": [
        "CWE-303"
    ],
    "cvelist": null,
    "sourceData": "listingthemes WP Directory Kit 1.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WP Directory Kit",
    "version": "1.4.0",
    "vendor": "listingthemes",
    "ai_description": "Authentication bypass vulnerability in WP Directory Kit plugin due to weak token generation, allowing unauthenticated attackers to gain administrative access.",
    "ai_severity": "Critical",
    "ai_vendor": "listingthemes",
    "ai_product": "WP Directory Kit",
    "ai_version": "1.4.4 and below",
    "ai_score": 10
}

WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover_CVE-2025-13390