10

CVE-2025-13390

Exploit

WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover

WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative access and achieve full site takeover via the auto-login endpoint with a predictable token.
Mögliche Gegenmaßnahme
WP Directory Kit: Update to version 1.4.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WpdirectorykitWp Directory Kit SwPlatformwordpress Version <= 1.4.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt WP Directory Kit
Version 1.4.0-1.4.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.72% 0.907
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@wordfence.com 10 3.9 6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-303 Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

https://www.wordfence.com/threat-intel/vulnerabilities/id/6598d171-e68c-4d2f-9cd1-f1574fa90433?source=cve
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/3400599/wpdirectorykit/
Patch
https://github.com/d0n601/CVE-2025-13390
Third Party Advisory
Exploit
https://ryankozak.com/posts/cve-2025-13390/
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/6598d171-e68c-4d2f-9cd1-f1574fa90433
Third Party Advisory