CVE-2026-42672

CRITICAL

WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection vulnerability

Title source: cna

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1.

References (1)

Core 1

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/wordpress/plugin/wpdirectorykit/vulnerability/wordpress-wp-directory-kit-plugin-1-5-1-sql-injection-vulnerability?_s_id=cve

Scores

CVSS v3 9.3

EPSS 0.0024

EPSS Percentile 14.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Details

CWE

CWE-89

Status published

Products (1)

Wp Directory Kit/WP Directory Kit < 1.5.1

Published Jun 01, 2026

Tracked Since Jun 01, 2026