Moole Vulnerability Database

Find real vulnerabilities before they ship

Critical

CVE-2026-39531

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0.

VectorNETWORK

PublishedMay 21, 2026, 16:16

Published Byaudit@patchstack.com

Base Score

Score9.3

Affected Versions

No affected versions found.

References

https://patchstack.com/database/wordpress/plugin/wpdirectorykit/vulnerability/wordpress-wp-directory-kit-plugin-1-5-0-sql-injection-vulnerability?_s_id=cve

Weakness Type

CWE-89

CVSS Metrics

Base Score

9.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Base SeverityCritical

Version

3.1

Attack Vector (AV)

NETWORK