Wpdirectorykit

Wp Directory Kit

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-41875

  • EPSS 0.62%
  • Veröffentlicht 13.12.2024 15:15:25
  • Zuletzt bearbeitet 28.04.2026 19:21:21

Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through 1.2.6.

6.1

CVE-2024-37487

  • EPSS 0.31%
  • Veröffentlicht 21.07.2024 08:15:02
  • Zuletzt bearbeitet 21.11.2024 09:23:55

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpdirectorykit.Com WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.3.5.

2.7

CVE-2024-37253

  • EPSS 0.32%
  • Veröffentlicht 09.07.2024 10:15:03
  • Zuletzt bearbeitet 06.03.2025 14:24:40

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit allows Code Injection.This issue affects WP Directory Kit: from n/a through 1.3.6.

8.8

CVE-2024-3217

  • EPSS 1.87%
  • Veröffentlicht 05.04.2024 08:15:07
  • Zuletzt bearbeitet 08.04.2026 17:18:41

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of suffi...

6.1

CVE-2024-29774

  • EPSS 0.42%
  • Veröffentlicht 27.03.2024 13:15:48
  • Zuletzt bearbeitet 28.04.2026 19:23:47

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.2.9.

6.1

CVE-2023-31229

  • EPSS 0.33%
  • Veröffentlicht 29.12.2023 10:15:09
  • Zuletzt bearbeitet 28.04.2026 19:20:22

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9.

5.4

CVE-2023-2279

  • EPSS 0.29%
  • Veröffentlicht 31.08.2023 06:15:09
  • Zuletzt bearbeitet 08.04.2026 18:17:59

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unaut...

4.3

CVE-2023-2351

Exploit
  • EPSS 0.64%
  • Veröffentlicht 13.06.2023 02:15:09
  • Zuletzt bearbeitet 08.04.2026 18:18:00

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authentic...

9.8

CVE-2023-2278

Exploit
  • EPSS 1.69%
  • Veröffentlicht 13.06.2023 02:15:09
  • Zuletzt bearbeitet 08.04.2026 18:17:59

The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, ...

4.7

CVE-2023-2277

Exploit
  • EPSS 0.34%
  • Veröffentlicht 13.06.2023 02:15:09
  • Zuletzt bearbeitet 08.04.2026 18:17:59

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated a...