CVE-2026-39531

CRITICAL CVSS 9.3 View on NVD ↗

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

References

https://patchstack.com/database/wordpress/plugin/wpdirectorykit/vulnerability/wordpress-wp-directory-kit-plugin-1-5-0-sql-injection-vulnerability?_s_id=cve

Published: May 21, 2026 16:16 UTC Modified: May 21, 2026 19:10 UTC