PatchSiren cyber security CVE debrief
CVE-2026-39534 Wp Directory Kit CVE debrief
CVE-2026-39534 is a HIGH severity vulnerability (CVSS Score: 7.5) in the WP Directory Kit plugin versions <= 1.5.0. The vulnerability is caused by unauthenticated broken access control. The CVE was published on [cvePublishedAt]2026-06-15T21:16:47.310Z[/cvePublishedAt] and last modified on [cveModifiedAt]2026-06-15T21:24:32.790Z[/cveModifiedAt]. For more information, refer to the [resourceLinkAnnotations id='cve-org']CVE-2026-39534 CVE record[/resourceLinkAnnotations] and [resourceLinkAnnotations id='nvd']CVE-2026-39534 NVD detail[/resourceLinkAnnotations].
- Vendor
- Wp Directory Kit
- Product
- Unknown
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of WP Directory Kit plugin versions <= 1.5.0 should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability is caused by unauthenticated broken access control in WP Directory Kit plugin versions <= 1.5.0. This could allow attackers to access sensitive information or perform unauthorized actions.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to WP Directory Kit plugin to version > 1.5.0.
- Refer to [resourceLinkAnnotations id='ref-4']Mitigation or vendor reference[/resourceLinkAnnotations] for additional guidance.
Evidence notes
Vendor and product information is not confirmed. The CVE is categorized under CWE-862.
Official resources
-
CVE-2026-39534 CVE record
CVE.org
-
CVE-2026-39534 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-39534 was published on 2026-06-15T21:16:47.310Z and last modified on 2026-06-15T21:24:32.790Z.