Perceptive Security
SOC/SIEM Consultancy
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injecti…
Published:
31 mei 2026 om 22:00:00
Alert date:
1 juni 2026 om 18:04:01
Source:
nvd.nist.gov
Web Technologies
A Blind SQL Injection vulnerability has been identified in the WP Directory Kit WordPress plugin. The vulnerability stems from improper neutralization of special elements used in SQL commands. This security flaw affects WP Directory Kit versions from unknown starting point through version 1.5.1. The vulnerability allows attackers to perform blind SQL injection attacks against affected WordPress installations. This could potentially lead to unauthorized database access and data extraction. Users of WP Directory Kit should update to a patched version when available.
Technical details
Mitigation steps:
Affected products:
WP Directory Kit
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-42672
https://patchstack.com/database/wordpress/plugin/wpdirectorykit/vulnerability/wordpress-wp-directory-kit-plugin-1-5-1-sql-injection-vulnerability?_s_id=cve
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.