WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection CVE-2025-13138
- Severity
- EPSS Score
- EPSS Percentile
- Vulnerability description
- Not available
- Risk description
- Not available
- Recommendation
- Not available
- References
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpdirectorykit/wp-directory-kit-143-unauthenticated-sql-injection-via-select-2-ajax-functionhttps://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.4.3/application/controllers/Wdk_frontendajax.php#L546
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Nuclei
- Cisa Kev
- No
- Exploitable with Sniper
- No
- CVE Published
- Nov 21, 2025
- Detection added at
- Software Type
- Not available
- Vendor
- Not available
- Product
- Not available
Detect this vulnerability now!
Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.