CVE-2026-42672

CRITICAL

9.3CVSS v3

—CVSS v2

0.04% EPSS (exploit probability)

CWE-89CWE

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.

This issue affects WP Directory Kit: from n/a through 1.5.1.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE