DirectoryPress Exposes Sensitive System Data to Unauthorized Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

DirectoryPress Exposes Sensitive System Data to Unauthorized Access

CVE-2026-39566

Summary

DirectoryPress, a WordPress plugin, stores sensitive system information in a way that allows unauthorized users to access it. This means that attackers can potentially gain information about your system's configuration and data. Update to a version of DirectoryPress 3.6.27 or later to fix this issue.

Original title

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects Di...

Original description

Vulnerability type

CWE-497

https://patchstack.com/database/Wordpress/Plugin/directorypress/vulnerability/wo...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026