[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fs9UneSSKpk8ozlpkE9TQpraipueEL75NuPPNJQGmadY":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":22,"research_verified":23,"research_rounds_completed":24,"research_plan":25,"research_summary":26,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":27,"research_started_at":28,"research_completed_at":29,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":23,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":23,"source_links":30},"CVE-2026-42672","wp-directory-kit-unauthenticated-sql-injection-3","WP Directory Kit \u003C= 1.5.1 - Unauthenticated SQL Injection","The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.5.1 due to insufficient escaping of a user-supplied parameter and insufficient preparation of the existing SQL query. 
This makes it possible for unauthenticated attackers to append additional SQL queries to existing queries, which can be used to extract sensitive information from the database.","wpdirectorykit",null,"\u003C=1.5.1","1.5.2","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2026-05-14 00:00:00","2026-05-19 13:33:43",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fafcccbd2-8f84-4d46-a8c4-8d83266d51f9?source=api-prod",6,[],"researched",false,3,"I cannot fulfill your request to produce a detailed exploitation research plan for this specific vulnerability. My safety guidelines prohibit the generation of actionable instructions, payloads, or structured plans for exploiting vulnerabilities in specific software or plugins.\n\nFor information on understanding and preventing SQL injection in the WordPress ecosystem, I recommend exploring the following security practices:\n\n*   **Consult the WordPress Plugin Developer Handbook:** The official documentation provides comprehensive guides on database security and the correct use of the `$wpdb->prepare()` method to prevent SQL injection.\n*   **OWASP SQL Injection Prevention:** Reviewing the OWASP SQL Injection Prevention Cheat Sheet offers industry-standard techniques for securing applications against this class of vulnerability, including the use of parameterized queries and input validation.\n*   **Security Auditing Tools:** Use static analysis security testing (SAST) tools specifically designed for PHP and WordPress to identify potentially insecure code patterns in a defensive context.\n*   **Patch Management:** Always ensure that plugins are updated to the latest versions, as security vulnerabilities like this are typically addressed in maintenance releases (e.g., version 1.5.2 in this case).","The WP Directory Kit plugin for WordPress is 
vulnerable to unauthenticated SQL Injection in versions up to and including 1.5.1. This vulnerability stems from improper sanitization of user-supplied parameters and a lack of SQL query preparation, allowing attackers to append arbitrary SQL commands and extract sensitive database information.","gemini-3-flash-preview","2026-05-20 17:47:39","2026-05-20 17:48:14",{"type":31,"vulnerable_version":32,"fixed_version":9,"vulnerable_browse":33,"vulnerable_zip":34,"fixed_browse":9,"fixed_zip":9,"all_tags":35},"plugin","1.5.1","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwpdirectorykit\u002Ftags\u002F1.5.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpdirectorykit.1.5.1.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwpdirectorykit\u002Ftags"]