WordPress WP Directory Kit plugin

9.3 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.

This issue affects WP Directory Kit: from n/a through 1.5.0.

AI Analysis

SQL Injection vulnerability in WP Directory Kit plugin

Basic Information

ID CVE-2026-39531

Source Patchstack

Published May 21, 2026 at 15:08

Modified May 21, 2026 at 15:13

Affected Product

Vendor Wp Directory Kit

Product WP Directory Kit

Version n/a

Affected Versions Wp Directory Kit WP Directory Kit n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor WP Directory Kit

Product WP Directory Kit plugin

Version 1.5.0

References

patchstack.com /database/wordpress/plugin/wpdirectorykit/vulnerability/wordpress-wp-directory-kit-plugin-1-5-0-sql-injection-vulnerability

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.\n\nThis issue affects WP Directory Kit: from n/a through 1.5.0.",
    "published": "2026-05-21T15:08:24.506Z",
    "modified": "2026-05-21T15:13:02.997Z",
    "type": "cve",
    "title": "WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/wpdirectorykit/vulnerability/wordpress-wp-directory-kit-plugin-1-5-0-sql-injection-vulnerability?_s_id=cve",
    "id": "CVE-2026-39531",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Wp Directory Kit WP Directory Kit n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WP Directory Kit",
    "version": "n/a",
    "vendor": "Wp Directory Kit",
    "ai_description": "SQL Injection vulnerability in WP Directory Kit plugin",
    "ai_severity": "Critical",
    "ai_vendor": "WP Directory Kit",
    "ai_product": "WP Directory Kit plugin",
    "ai_version": "1.5.0",
    "ai_score": 9.3
}

WordPress WP Directory Kit plugin <= 1.5.0 - SQL Injection vulnerability_CVE-2026-39531