Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
CVE-2026-39531: WP Directory Kit SQL Injection Risk: Data Exposure
CVE-2026-39531
Summary
WP Directory Kit versions 1.5.0 and earlier are vulnerable to a SQL injection attack, which could allow an attacker to access sensitive data. This is a serious issue because it could lead to unauthorized access to your website's database. To protect your site, update WP Directory Kit to the latest version or consider replacing it with a secure alternative.
Original title
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.
This issue affects WP Directory ...
Original description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.
This issue affects WP Directory Kit: from n/a through 1.5.0.
This issue affects WP Directory Kit: from n/a through 1.5.0.
nvd CVSS3.1
9.3
Vulnerability type
CWE-89
SQL Injection
Published: 21 May 2026 · Updated: 28 May 2026 · First seen: 21 May 2026