CVE-2025-13390
Tags: CRITICAL | EXPLOITED | NUCLEI
Wpdirectorykit WP Directory Kit < 1.4.4 - Authentication Bypass
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative access and achieve full site takeover via the auto-login endpoint with a predictable token.
Exploits (3)
Nuclei Templates (1)
WP Directory Kit <= 1.4.4 - Authentication Bypass
CRITICAL | VERIFIED | by maxthepm
Shodan:
html:"/wp-content/plugins/wpdirectorykit"
FOFA:
body:/wp-content/plugins/wpdirectorykit
References (4)
Scores
CVSS v3
10.0
EPSS
0.3672
EPSS Percentile
97.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
VulnCheck KEV
2025-12-03
CWE
CWE-303
Status
published
Products (1)
wpdirectorykit/wp_directory_kit
< 1.4.4
Published
Dec 03, 2025
Tracked Since
Feb 18, 2026