Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wpdirectorykit wp directory kit vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-2278
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated malicious users to include and execute arbitrary files on the server, allowing the e...
Wpdirectorykit Wp Directory Kit
5.4
CVSSv3
CVE-2023-2279
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unauthenticated malicious...
Wpdirectorykit Wp Directory Kit
5.3
CVSSv3
CVE-2023-2280
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated malicious us...
Wpdirectorykit Wp Directory Kit
4.3
CVSSv3
CVE-2023-2351
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with ...
Wpdirectorykit Wp Directory Kit
6.1
CVSSv3
CVE-2023-31229
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a up to and including 1.1.9.
Wpdirectorykit Wp Directory Kit
6.1
CVSSv3
CVE-2023-2835
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious ...
Wpdirectorykit Wp Directory Kit
4.7
CVSSv3
CVE-2023-2277
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated malicious users to up...
Wpdirectorykit Wp Directory Kit
NA
CVE-2024-29774
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a up to and including 1.2.9.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started