CVE-2026-39531

Name of the Vulnerable Software and Affected Versions WP Directory Kit versions prior to 1.5.1

Description WP Directory Kit contains a Blind SQL Injection flaw, which occurs when special elements used in an SQL command are not properly neutralized. This allows an unauthenticated attacker to execute malicious SQL queries over the network, potentially leading to a high confidentiality impact. Blind SQL Injection is a technique where an attacker asks the database true or false questions and determines the answer based on the application's response.

Recommendations Update to a version newer than 1.5.0.