CRITICAL
Wp Directory Kit
CVE published 2026-05-21
CVE-2026-39531
CVE-2026-39531 is a critical blind SQL injection issue affecting the WP Directory Kit plugin through version 1.5.0. The vulnerability was published on 2026-05-21 and has a CVSS 3.1 score of 9.3, with NVD listing the record as Deferred. Because the supplied source attribution is incomplete, the vendor identity should be treated carefully and validated against the linked Patchstack reference before making o [truncated]