Description
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columns_search' parameter of the select_2_ajax() function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2025-11-21
Score: 7.5 High
EPSS: 10.7% Moderate
KEV: No
Impact: Unauthenticated SQL Injection – Data Breach via plugin parameter
Action: Patch Immediately
AI Analysis

Impact

The WP Directory Kit plugin for WordPress contains a flaw in the select_2_ajax() function: the columns_search parameter is not escaped and the overall query is not properly prepared. This allows an attacker to inject arbitrary SQL commands. Consequently, an unauthenticated visitor can append additional queries to the existing database statements and retrieve sensitive information, exposing confidential data. The weakness aligns with CWE‑89, reflecting an improper neutralization of input used in an SQL context.

Affected Systems

Any WordPress installation that has the WP Directory Kit plugin installed in versions 1.4.3 or earlier is vulnerable. The plugin vendor is wpdirectorykit, and the issue affects all normal users of the plugin on any site running those versions.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity vulnerability that can be exploited remotely without credentials. An EPSS score of 10% suggests moderate probability of exploitation in the near term. The vulnerability is not yet listed in the CISA KEV catalog. Attackers can launch the exploit by sending a crafted HTTP request to the plugin’s AJAX endpoint, leveraging the unauthenticated nature of the call. If successful, they could exfiltrate user data, login credentials, or other database contents.

Generated by OpenCVE AI on April 22, 2026 at 16:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update WP Directory Kit to version 1.4.4 or later where the SQL injection fix is applied
  • If an update is not immediately possible, deactivate or uninstall the plugin to eliminate the attack surface
  • Configure a web application firewall rule to block or flag requests that contain suspicious SQL injection patterns in the columns_search parameter

Generated by OpenCVE AI on April 22, 2026 at 16:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 24 Nov 2025 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Listingthemes
Listingthemes wpdirectory Kit
Wordpress
Wordpress wordpress
Vendors & Products Listingthemes
Listingthemes wpdirectory Kit
Wordpress
Wordpress wordpress

Fri, 21 Nov 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 21 Nov 2025 09:45:00 +0000

Type Values Removed Values Added
Description The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columns_search' parameter of the select_2_ajax() function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Title WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Listingthemes Wpdirectory Kit
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:35:08.436Z

Reserved: 2025-11-13T18:46:29.325Z

Link: CVE-2025-13138

cve-icon Vulnrichment

Updated: 2025-11-21T14:44:07.618Z

cve-icon NVD

Status : Deferred

Published: 2025-11-21T10:15:48.593

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-13138

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T16:45:21Z

Weaknesses