CVE-2025-13390
WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover
criticalIncorrect Implementation of Authentication Algorithm
10.0
CVSS Score
10.0
CVSS Score
critical
Severity
1.4.5
Patched in
1d
Time to patch
Description
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative access and achieve full site takeover via the auto-login endpoint with a predictable token.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HAttack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
High
Confidentiality
High
Integrity
High
Availability
Technical Details
Affected versions
>=1.4.0 <=1.4.4PublishedDecember 3, 2025
Last updatedDecember 3, 2025
Affected pluginwpdirectorykit
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.