Martín Martín

**Name of the Vulnerable Software and Affected Versions** WP Directory Kit versions prior to 1.5.1 **Description** WP Directory Kit contains a Blind SQL Injection flaw, which occurs when special elements used in an SQL command are not properly neutralized. This allows an unauthenticated attacker to execute malicious SQL queries over the network, potentially leading to a high confidentiality impact. Blind SQL Injection is a technique where an attacker asks the database true or false questions and determines the answer based on the application's response. **Recommendations** Update to a version newer than 1.5.0.