CVE-2025-13920 Scanner

CVE-2025-13920 Scanner - Information Disclosure vulnerability in WP Directory Kit

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 22 days 4 hours
Scan only one: Domain, Subdomain, IPv4

WP Directory Kit is a WordPress plugin designed to help users create and manage business directories effortlessly. It is widely used by web developers, entrepreneurs, and small business owners who want an easy solution for building directory websites without requiring extensive coding skills. The plugin offers various features such as listings, customization options, and payment integrations. It allows users to easily set up directories for local businesses, service providers, or any niche directory website. WP Directory Kit provides a user-friendly interface that streamlines the directory creation process. It facilitates the management of large volumes of business listings, ensuring an organized and efficient directory.

The Information Disclosure vulnerability in WP Directory Kit involves unauthorized access to sensitive information due to improper access control. Specifically, the vulnerability resides in the wdk_public_action AJAX handler, which does not properly restrict access to certain endpoints. As a result, unauthenticated attackers can exploit this flaw to extract email addresses of users with Directory Kit-specific roles. This issue can lead to privacy breaches and unauthorized exposure of personal information, particularly email addresses. Proper validation and access controls are necessary to safeguard sensitive data against unauthorized access in such applications. Developers have been advised to enhance security measures to prevent unauthorized data extraction.

Technically, the flaw is in the plugin's 'wdk_public_action' AJAX action. It is triggered when an unauthorized request is made to this AJAX endpoint, resulting in the exposure of user email addresses. This is particularly dangerous because the endpoint returns user information without proper authentication checks. The vulnerable endpoint is '/wp-admin/admin-ajax.php', with POST parameters specifying the action and other identifiers. Attackers can send crafted requests to this endpoint to retrieve the email addresses of users who hold specific roles within the plugin. Adequate protection includes implementing strict access controls on AJAX actions.
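For site owners who want to check whether this action is being requested without a login, here is a log sweep added as an example (it is not code from the plugin or from the scanner). It assumes a JSON-lines proxy or WAF log with the hypothetical fields ip, method, url, body and cookie, uses constructed sample records, and goes slightly beyond the POST case above by also reading the query string, because admin-ajax.php takes the action from $_REQUEST.

```python
import json
from collections import Counter
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "wdk_public_action"
AUTH_COOKIE_PREFIX = "wordpress_logged_in_"  # WordPress login cookie name prefix

# Constructed sample records; the schema is an assumption (proxy/WAF that logs form bodies).
SAMPLE_LOG = """\
{"ip":"203.0.113.7","method":"POST","url":"/wp-admin/admin-ajax.php","body":"action=wdk_public_action","cookie":""}
{"ip":"203.0.113.7","method":"POST","url":"/wp-admin/admin-ajax.php?action=wdk_public_action","body":"","cookie":""}
{"ip":"198.51.100.20","method":"POST","url":"/wp-admin/admin-ajax.php","body":"action=wdk_public_action","cookie":"wordpress_logged_in_abc=editor%7C1"}
{"ip":"198.51.100.9","method":"POST","url":"/wp-admin/admin-ajax.php","body":"action=heartbeat","cookie":""}
{"ip":"192.0.2.44","method":"GET","url":"/wp-admin/admin-ajax.php?action=wdk_public_action","body":"","cookie":"wp-settings-1=x"}
not-json garbage line
"""

def requested_actions(record):
    """Return every 'action' value from the query string and the form body."""
    url = urlsplit(record.get("url", ""))
    if url.path != AJAX_PATH:
        return []
    return parse_qs(url.query).get("action", []) + parse_qs(record.get("body", "")).get("action", [])

def is_logged_in(record):
    """True if a WordPress login cookie was sent (presence only, validity is not checked)."""
    return any(c.strip().startswith(AUTH_COOKIE_PREFIX) for c in record.get("cookie", "").split(";"))

def unauthenticated_hits(log_text):
    """Count requests for ACTION that carried no login cookie, per source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the sweep
        if not isinstance(record, dict):
            continue
        if ACTION in requested_actions(record) and not is_logged_in(record):
            hits[record.get("ip", "unknown")] += 1
    return hits

if __name__ == "__main__":
    for ip, count in unauthenticated_hits(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} unauthenticated {ACTION} request(s)")
```

A hit only shows that the action was requested without a login cookie; whether email addresses were returned depends on the installed plugin version.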

If exploited, the Information Disclosure vulnerability could result in a significant privacy breach. Unauthorized attackers might collect email addresses and potentially use them for spamming, phishing, or other malicious activities. This breach can compromise user trust and lead to legal consequences for the plugin administrators, especially concerning data protection regulations. Organizations using the plugin might face reputational damage and loss of user confidence. Moreover, the exposure of contact information can be leveraged in further comprehensive attacks against user accounts.
