
CVE-2026-42672: WP Directory Kit SQL Injection Risk: Unauthorized Access

CVE-2026-42672
Summary

WP Directory Kit, a plugin for WordPress, has a SQL injection flaw that could allow attackers to access sensitive information. Malicious input sent to the plugin is not properly neutralized before it is used in an SQL command against the site's database, which allows blind SQL injection. To stay safe, update to the latest version of WP Directory Kit or remove it if you're not using it.

Original title
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory ...
Original description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.

This issue affects WP Directory Kit: from n/a through 1.5.1.
NVD CVSS 3.1: 9.3
Vulnerability type
CWE-89 SQL Injection
Published: 1 Jun 2026 · Updated: 1 Jun 2026 · First seen: 1 Jun 2026