Overview
A critical SQL injection vulnerability, identified as CVE-2025-13090, has been discovered in the WP Directory Kit plugin for WordPress. This vulnerability affects all versions up to and including 1.4.6. Exploitation of this vulnerability could allow attackers with Administrator-level access to extract sensitive information from the WordPress database.
Technical Details
The vulnerability stems from insufficient input sanitization of the ‘search’ parameter. Specifically, the WP Directory Kit plugin fails to properly escape user-supplied input in the ‘search’ parameter. Coupled with a lack of sufficient preparation in the existing SQL query, this allows an attacker to inject malicious SQL code. An authenticated attacker with Administrator-level access (or higher) can then manipulate database queries to retrieve sensitive data, potentially including user credentials, configuration details, and other confidential information stored in the database.
CVSS Analysis
- CVE ID: CVE-2025-13090
- Severity: MEDIUM
- CVSS Score: 4.9
- CVSS Vector: (Please consult NVD or similar databases for the full CVSS vector string)
A CVSS score of 4.9 indicates a Medium severity vulnerability. While requiring Administrator-level access lowers the overall score, the potential impact of a successful SQL injection attack warrants immediate attention.
Possible Impact
A successful SQL injection attack exploiting CVE-2025-13090 could have severe consequences, including:
- Data Breach: Sensitive data, such as user credentials (usernames, passwords, email addresses), private data, and other confidential information, could be exposed.
- Account Takeover: Attackers could use compromised credentials to gain unauthorized access to administrator accounts, leading to full control of the WordPress site.
- Data Manipulation: Attackers might be able to modify or delete data within the database, potentially causing significant disruption to the website’s functionality.
- Website Defacement: With database access, attackers could modify website content, deface the site, or inject malicious code into web pages.
Mitigation and Patch Steps
The recommended course of action is to update the WP Directory Kit plugin to the latest available version. Verify that the latest version addresses the SQL injection vulnerability. If an update is not available, consider temporarily disabling the plugin until a patch is released. It is also good practice to implement a web application firewall (WAF) with rules to detect and block SQL injection attempts.