CVE-2025-13138
Published
CVSS v3: 7.5 (HIGH)
CVSS v2: N/A
Affected: 1 project
Description
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columns_search' parameter of the select_2_ajax() function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
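The defect class the description names, shown as an added illustration that is not the plugin's own code: a hypothetical AJAX handler that splices a request-supplied column list straight into SQL, beside a hardened version that validates every column name against a fixed allowlist and binds the search value with $wpdb->prepare(). The handler names, the table name wdk_listings and the allowed column set are assumptions.

```php
<?php
// Added illustration; not WP Directory Kit's code. Names are hypothetical.

// Defective pattern: 'columns_search' is taken from the request and
// concatenated into the SELECT list. Identifiers cannot be bound with
// prepare(), so without validation the parameter controls the query text.
function wdk_example_select2_vulnerable( $wpdb ) {
    $columns = isset( $_POST['columns_search'] ) ? $_POST['columns_search'] : 'title';
    $term    = isset( $_POST['search'] ) ? $_POST['search'] : '';
    return "SELECT id, $columns FROM {$wpdb->prefix}wdk_listings WHERE title LIKE '%$term%'";
}

// Hardened helper: accept a comma-separated list, keep only names that
// exactly match an allowlisted identifier, and reject the whole request
// if anything else appears (no partial cleanup, no escaping attempts).
function wdk_example_columns_from_request( $raw, array $allowed ) {
    $requested = array_map( 'trim', explode( ',', (string) $raw ) );
    foreach ( $requested as $name ) {
        if ( ! in_array( $name, $allowed, true ) ) {
            return null; // caller responds 400 and logs the rejected value
        }
    }
    return array_values( array_unique( $requested ) );
}

// Hardened handler. If this endpoint is intentionally public
// (wp_ajax_nopriv_*), the allowlist is the only barrier on identifiers.
function wdk_example_select2_hardened( $wpdb ) {
    $allowed = array( 'title', 'city', 'price' ); // hypothetical column set
    $columns = wdk_example_columns_from_request(
        isset( $_POST['columns_search'] ) ? wp_unslash( $_POST['columns_search'] ) : 'title',
        $allowed
    );
    if ( null === $columns ) {
        wp_send_json_error( 'invalid columns_search', 400 ); // exits
    }
    $term   = isset( $_POST['search'] ) ? sanitize_text_field( wp_unslash( $_POST['search'] ) ) : '';
    $select = implode( ', ', array_map( function ( $c ) { return "`$c`"; }, $columns ) );

    // Identifiers now come only from the allowlist; the value is bound.
    $sql = $wpdb->prepare(
        "SELECT id, $select FROM {$wpdb->prefix}wdk_listings WHERE title LIKE %s",
        '%' . $wpdb->esc_like( $term ) . '%'
    );
    return $wpdb->get_results( $sql, ARRAY_A );
}
```

Rejected requests are worth logging with the offending value, since a public AJAX endpoint receiving unexpected column names is a useful detection signal for this class of probing.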
<p>The plugin is very easy to use and install, and lets you manage Listings, Categories and Fields from your admin dashboard.</p>
<p>As part of the project solution we also build WordPress Themes for Real Estate Agencies:</p>
<p><a href="https://wpdirectorykit.com/themes/nexproperty.html" rel="nofollow ugc">NexProperty – Property WordPress Theme</a></p>
<p><a href="https://wpdirectorykit.com/themes/real-estate-golden.html" rel="nofollow ugc">Real Estate Golden – WordPress Theme</a></p>
<p><a href="https://wpdirectorykit.com/themes/moison.html" rel="nofollow ugc">Realtor Directory Moison – WordPress Real Estate Theme</a></p>
<p><a href="https://wpdirectorykit.com/themes/apartment.html" rel="nofollow ugc">Apartment – WordPress Real Estate Theme</a></p>
<p><a href="https://wpdirectorykit.com/themes/real-estate-villa.html" rel="nofollow ugc">Villa – WordPress Real Estate Theme</a></p>
<p><a href="https://wpdirectorykit.com/themes/real-estate-dark-house.html" rel="nofollow ugc">Dark House – WordPress Real Estate Theme</a></p>
<p><a href="https://wpdirectorykit.com/themes/real-estate-realista.html" rel="nofollow ugc">Real Estate Realista – WordPress Theme</a></p>
<p><a href="https://wpdirectorykit.com/themes/real-estate-yillow.html" rel="nofollow ugc">Real Estate Yillow – WordPress Theme</a></p>
<p>WordPress Theme for Car Dealers, <a href="https://wpdirectorykit.com/themes/car-dealer-nexcars.html" rel="nofollow ugc">NexCars</a></p>
<p>WordPress Theme for Classified ADS, <a href="https://www.wpdirectorykit.com/themes/classified-ads-directory.html" rel="nofollow ugc">Classified ADS</a></p>
<p>Full-Service Real Estate Website Solution for your Apartment, Villa, House, basic tourism services, or even a complete Agency based on WP Directory Kit, <a href="https://webapartman.com/" rel="nofollow ugc">WebApartman.com</a></p>
<p>It can also be used for a Business Directory, Store Locator, Classified Ads, Doctors Directory, Job Portal or any other type of Directory.</p>
<p>Almost everything can be designed visually in Elementor, including front pages, results pages, listing preview pages, etc.</p>
<p>Visual designing support for search form and result item/cards.</p>
<p>More info on <a href="https://wpdirectorykit.com/" rel="nofollow ugc">wpdirectorykit.com</a></p>
<p>Documentation: <a href="http://wpdirectorykit.com/documentation/" rel="nofollow ugc">http://wpdirectorykit.com/documentation/</a></p>
<h3>Videos</h3>
<p><a href="https://www.youtube.com/embed/ILVXyiIt1PI" rel="nofollow ugc">Video 1</a></p>
<p><a href="https://www.youtube.com/embed/cewZBOGzbPg" rel="nofollow ugc">Video 2</a></p>
<p><a href="https://www.youtube.com/embed/NhAHlMg-hpQ" rel="nofollow ugc">Video 3</a></p>
<h3>Features</h3>
<ul>
<li>Manage Listings</li>
<li>Manage Categories</li>
<li>Manage Fields</li>
<li>Different fields based on category</li>
<li>Select listings agent</li>
<li>Manage indoor amenities</li>
<li>Manage outdoor amenities</li>
<li>Listing plans</li>
<li>Galleries and Sliders on Listing Preview</li>
<li>Multi category and locations search</li>
<li>Multimedia fields integration</li>
<li>Result items support video and slider</li>
<li>Price range search slider</li>
<li>Translatable to any language</li>
<li>Multiple agents, categories, listings support</li>
<li>Full Elementor compatibility</li>
<li>Messaging support</li>
<li>Demo data import for Real Estate and Car Dealership</li>
<li>Open street maps support</li>
<li>Energy efficiency plugin available here: <a href="https://wordpress.org/plugins/sweet-energy-efficiency/" rel="ugc">Download</a></li>
</ul>
<h3>Premium PAID addons / plugins / features available</h3>
<p><a href="http://wpdirectorykit.com/plugins.html" rel="nofollow ugc">Official Premium Addons Here</a></p>
<ul>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-membership.html" rel="nofollow ugc">Membership Subscriptions & Features</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-booking-calendar.html" rel="nofollow ugc">Booking & Calendar</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-import-export.html" rel="nofollow ugc">Import/Export from other portal, idx or similar</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-multy-currency.html" rel="nofollow ugc">Multi Currency</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-favorites.html" rel="nofollow ugc">Favorites</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-review-system.html" rel="nofollow ugc">Review system</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-profile-picture-uploader.html" rel="nofollow ugc">Profile picture uploader</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-mortgage-loan-calculator.html" rel="nofollow ugc">Mortgage Calculator</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-facebook.html" rel="nofollow ugc">Facebook Comments</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-mailchimp.html" rel="nofollow ugc">Mailchimp integration</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-report-abuse.html" rel="nofollow ugc">Report Abuse</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-payments.html" rel="nofollow ugc">Listing Payments</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-compare-listings.html" rel="nofollow ugc">Compare Listings</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-save-search.html" rel="nofollow ugc">Save Search with Email Alerts</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-duplicate-listing.html" rel="nofollow ugc">Duplicate Listing</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-pdf-download.html" rel="nofollow ugc">PDF Download</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-listing-claim.html" rel="nofollow ugc">Claim / Take Ownership</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-svg-map.html" rel="nofollow ugc">WDK Svg Maps</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-geo-coding.html" rel="nofollow ugc">WDK Geo Coding</a></li>
<li><a href="https://wpdirectorykit.com/plugins/wp-directory-messages-chat.html" rel="nofollow ugc">WDK Live Messages Chat</a></li>
<li><a href="https://wpdirectorykit.com/mobile-app.html" rel="nofollow ugc">Mobile Apps for iOS and Android</a></li>
</ul>
<p>Contact for security issues: https://wpdirectorykit.com/contact/</p>
<h3>Credits</h3>
<ul>
<li>Stocksnap Images</li>
<li>License: StockSnap’s CC0 License</li>
<li>
<p>Source: https://stocksnap.io/license<br />
https://stocksnap.io/photo/interior-design-478BZDEA2Y<br />
https://stocksnap.io/photo/house-interior-APBDJIC32G<br />
https://stocksnap.io/photo/apartment-bed-EGXWIV409M<br />
https://stocksnap.io/photo/sea-ocean-62BFZ9QZUZ</p>
</li>
<li>
<p>License: CC0 License</p>
</li>
<li>
<p>Source: https://pxhere.com/license</p>
</li>
<li>
<p>License: CC0 License</p>
</li>
<li>
<p>Source: https://stocksnap.io/license<br />
https://stocksnap.io/photo/parkinggarage-parkingspaces-8U9IMYL2CQ<br />
https://stocksnap.io/photo/woman-smartphone-MLEPUKHYUU<br />
https://stocksnap.io/photo/business-man-DAAZROYMQN<br />
https://stocksnap.io/photo/business-man-XTVALHTBUK<br />
https://stocksnap.io/photo/senior-business-UTEZRDTKPP<br />
https://stocksnap.io/photo/business-man-IVZBYWKEFM<br />
https://stocksnap.io/photo/older-businessman-5BRQF1DZ8W</p>
</li>
<li>
<p>Slick</p>
</li>
<li>Author: Ken Wheeler</li>
<li>License: MIT</li>
<li>
<p>Source:<br />
Website: http://kenwheeler.github.io<br />
Docs: http://kenwheeler.github.io/slick<br />
Repo: http://github.com/kenwheeler/slick<br />
Issues: http://github.com/kenwheeler/slick/issues</p>
</li>
<li>
<p>Blueimp</p>
</li>
<li>Author: Sebastian Tschan</li>
<li>License: MIT</li>
<li>
<p>Source:<br />
Website: https://blueimp.github.io/Gallery/<br />
Docs: https://github.com/blueimp/Gallery/blob/master/README.md<br />
Repo: https://github.com/blueimp/Gallery<br />
Issues: https://github.com/blueimp/Gallery/issues</p>
</li>
<li>
<p>Confirm</p>
</li>
<li>Author: Boniface Pereira</li>
<li>License: MIT</li>
<li>
<p>Source:<br />
Website: https://craftpip.github.io/jquery-confirm/<br />
Docs: https://craftpip.github.io/jquery-confirm/<br />
Repo: https://github.com/craftpip/jquery-confirm<br />
Issues: https://github.com/craftpip/jquery-confirm/issues</p>
</li>
<li>
<p>Confirm</p>
</li>
<li>Author: Ion.RangeSlider</li>
<li>License: MIT</li>
<li>
<p>Source:<br />
Website: http://ionden.com/a/plugins/ion.rangeSlider<br />
Docs: http://ionden.com/a/plugins/ion.rangeSlider/start.html<br />
Repo: https://github.com/IonDen/ion.rangeSlider<br />
Issues: https://github.com/IonDen/ion.rangeSlider/issues</p>
</li>
</ul>