Critical SQL Injection Vulnerability Plagues WP Directory Kit Plugin (CVE-2025-13138)

Overview

A critical SQL Injection vulnerability, identified as CVE-2025-13138, has been discovered in the WP Directory Kit plugin for WordPress. This vulnerability affects all versions up to and including 1.4.3. Unauthenticated attackers can exploit this flaw to inject malicious SQL queries, potentially leading to sensitive data extraction from the database.

Technical Details

The vulnerability lies within the select_2_ajax() function in the Wdk_frontendajax.php file. The user-supplied columns_search parameter is not sufficiently escaped, and the SQL query that uses it is not adequately prepared. As a result, attackers can inject arbitrary SQL into the existing query, and that injected SQL is then executed against the WordPress database.

The vulnerable code can be found in Wdk_frontendajax.php#L546.

CVSS Analysis

  • CVE ID: CVE-2025-13138
  • Severity: HIGH
  • CVSS Score: 7.5

A CVSS score of 7.5 indicates a high severity vulnerability. It is remotely exploitable without requiring authentication and can lead to significant data breaches.

Possible Impact

Successful exploitation of this SQL Injection vulnerability could have severe consequences, including:

  • Data Breach: Attackers could gain access to sensitive data stored in the WordPress database, such as user credentials, personal information, and confidential business data.
  • Website Defacement: Attackers could modify website content or inject malicious code, leading to website defacement or redirection to malicious sites.
  • Account Takeover: Attackers could gain access to administrator accounts, allowing them to completely control the WordPress website.
  • Denial of Service (DoS): Attackers could inject queries that overload the database server, leading to a denial of service.

Mitigation and Patch Steps

The vulnerability has been addressed in a subsequent version of the plugin. The recommended mitigation steps are:

  • Update the Plugin: Immediately update the WP Directory Kit plugin to the latest version. The patched version addresses the SQL Injection vulnerability. You can update directly from your WordPress admin dashboard.
  • Review Changeset: Review the changeset that fixed the vulnerability at WordPress Trac Changeset.
  • If unable to update: As a temporary workaround (strongly discouraged), you could attempt to sanitize the columns_search parameter within the select_2_ajax() function. However, updating the plugin is the *only* reliable and recommended solution.
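
A sketch of what strict handling of columns_search can look like, as an added example that is not the plugin's code or its actual patch. It assumes columns_search is a comma-separated list of column names; the function names, the table name, and the allow-listed columns are hypothetical.

```php
<?php
// Added illustration, not WP Directory Kit code. Assumption: columns_search
// carries a comma-separated list of column names. Column names are SQL
// identifiers, so they cannot be bound as values the way a search term can;
// concatenating them into the query unchecked is the unsafe pattern.

/**
 * Reduce a user-supplied column list to known-good identifiers.
 * The returned names always come from $allow_list, never from the request.
 */
function example_allowed_columns( $raw, array $allow_list ) {
    if ( ! is_string( $raw ) ) {
        return array(); // arrays or other types are rejected outright
    }
    $requested = array_map( 'trim', explode( ',', $raw ) );
    // Exact string match only: anything that is not a known column is dropped.
    return array_values( array_intersect( $allow_list, $requested ) );
}

function example_select2_search( $wpdb, $raw_columns, $raw_term ) {
    $allow_list = array( 'post_title', 'address' ); // hypothetical searchable columns
    $columns    = example_allowed_columns( $raw_columns, $allow_list );
    if ( empty( $columns ) ) {
        return array(); // fail closed instead of running a partial query
    }

    // The search term is data: escape LIKE wildcards, then bind it with %s.
    $like   = '%' . $wpdb->esc_like( (string) $raw_term ) . '%';
    $where  = array();
    $values = array();
    foreach ( $columns as $column ) {
        $where[]  = "`{$column}` LIKE %s"; // $column is an allow-listed literal
        $values[] = $like;
    }

    $table = $wpdb->prefix . 'example_listings'; // hypothetical table name
    $sql   = "SELECT ID FROM `{$table}` WHERE " . implode( ' OR ', $where ) . ' LIMIT 10';

    return $wpdb->get_col( $wpdb->prepare( $sql, $values ) );
}
```

The allow-list covers the identifier part of the query and $wpdb->prepare() covers the value part; escaping functions alone do not make a user-supplied identifier safe.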

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
