CVE-2025-13089 | WP Directory Kit Plugin up to 1.4.7 on WordPress hide_fields/attr_search sql injection

Inserito da Angelo Barbosa | Dic 12, 2025 | CVE

A vulnerability, which was classified as critical, was found in WP Directory Kit Plugin up to 1.4.7 on WordPress. The affected element is an unknown function. Such manipulation of the argument hide_fields/attr_search leads to sql injection.

This vulnerability is traded as CVE-2025-13089. The attack may be launched remotely. There is no exploit available.

CVE-2025-13089 | WP Directory Kit Plugin up to 1.4.7 on WordPress hide_fields/attr_search sql injection

Post correlati

CVE-2025-41016 | Davantis DFUSION up to 6.186.0 /alarms// MEDIA authorization

CVE-2020-26309 | ftonato nope-validator up to 0.11.3 redos (ID 352)

CVE-2025-1338 | NUUO Camera up to 20250203 /handle_config.php print_file log command injection

CVE-2024-50473 | Ajar in5 Embed Plugin up to 3.1.3 on WordPress unrestricted upload