PatchSiren

Wp Directory Kit CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Wp Directory Kit CVE published 2026-06-15

CVE-2026-39534

CVE-2026-39534 is a HIGH severity vulnerability (CVSS Score: 7.5) in the WP Directory Kit plugin versions <= 1.5.0. The vulnerability is caused by unauthenticated broken access control. The CVE was published on [cvePublishedAt]2026-06-15T21:16:47.310Z[/cvePublishedAt] and last modified on [cveModifiedAt]2026-06-15T21:24:32.790Z[/cveModifiedAt]. For more information, refer to the [resourceLinkAnnotations i [truncated]

CRITICAL Wp Directory Kit CVE published 2026-06-01

CVE-2026-42672

A critical blind SQL injection vulnerability exists in the WP Directory Kit WordPress plugin, affecting versions up to and including 1.5.1. The vulnerability stems from improper neutralization of special elements in SQL commands (CWE-89), allowing unauthenticated attackers to manipulate database queries. With a CVSS 3.1 score of 9.3, this vulnerability presents severe risk due to network attack vector, lo [truncated]

CRITICAL Wp Directory Kit CVE published 2026-05-21

CVE-2026-39531

CVE-2026-39531 is a critical blind SQL injection issue affecting the WP Directory Kit plugin through version 1.5.0. The vulnerability was published on 2026-05-21 and has a CVSS 3.1 score of 9.3, with NVD listing the record as Deferred. Because the supplied source attribution is incomplete, the vendor identity should be treated carefully and validated against the linked Patchstack reference before making o [truncated]