CVE Catalog

CVE-2026-39531

Critical
Published: Translated: NVD NIST

Summary

CVE-2026-39531 describes an improper neutralization of special elements used in SQL commands, allowing for Blind SQL Injection in WP Directory Kit.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to database information, potentially leading to serious security breaches.

Recommendation

It is recommended to update WP Directory Kit to the latest version to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS