WP Directory Kit Plugin Vulnerability

CRITICAL (10.0)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.30% chance of exploitation (percentile: 53%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC

What is it?

The WP Directory Kit plugin is a WordPress extension used to manage directories and listings on websites. This vulnerability allows attackers to bypass authentication and gain full administrative access to the website, potentially leading to unauthorized data access, modification, or deletion.

Am I affected?

You're affected if you use WP Directory Kit. The advisory does not state which specific versions are affected.

How to fix

Upgrade to WP Directory Kit version 2.0.5 or later from the official WordPress repository.

Immediate mitigations:
- Restrict network access to your WordPress installation (firewall it from the public internet)
- Audit plugin and theme activity for suspicious access patterns
- Monitor for unauthorized login attempts
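
To confirm whether a given install still needs the upgrade, the following added example (not code from the advisory or the plugin) reads the plugin's `Version:` header from disk and compares it with the fixed release 2.0.5. The plugin directory name `wpdirectorykit` and the fixture file name `main.php` are assumptions, and the comparison relies on GNU `sort -V`.

```bash
#!/usr/bin/env bash
# Added example (not the plugin's code): compare an installed copy of the plugin
# against the fixed release named in the advisory.
FIXED_VERSION="2.0.5"

# Print the "Version:" header from the plugin's main file: the top-level PHP file
# that carries a "Plugin Name:" header in its first 8 KiB.
plugin_version() {
  local dir="$1" f
  for f in "$dir"/*.php; do
    [ -f "$f" ] || continue
    if head -c 8192 "$f" | grep -q 'Plugin Name:'; then
      head -c 8192 "$f" |
        sed -n 's|^[[:space:]/*#@]*Version:[[:space:]]*\([^[:space:]]*\).*$|\1|p' |
        head -n 1
      return 0
    fi
  done
  return 1
}

# Succeeds when version $1 sorts strictly before version $2 (GNU sort -V).
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Usage: wdk_status <path to wp-content/plugins> [plugin directory name]
# Prints: not-installed | unknown-version | upgrade-needed:<v> | at-or-above-fix:<v>
wdk_status() {
  local plugins_dir="$1" slug="${2:-wpdirectorykit}" # default slug is an assumption
  local dir="$plugins_dir/$slug" ver
  [ -d "$dir" ] || { echo "not-installed"; return 0; }
  ver="$(plugin_version "$dir")" || ver=""
  [ -n "$ver" ] || { echo "unknown-version"; return 0; }
  if version_lt "$ver" "$FIXED_VERSION"; then
    echo "upgrade-needed:$ver"
  else
    echo "at-or-above-fix:$ver"
  fi
}

# Constructed sample input: a minimal main file (hypothetical name main.php).
make_fixture() {
  mkdir -p "$1/wpdirectorykit"
  printf '<?php\n/**\n * Plugin Name: WP Directory Kit\n * Version: %s\n */\n' "$2" \
    > "$1/wpdirectorykit/main.php"
}

if [ "$#" -gt 0 ]; then wdk_status "$@"; fi
```

Run it with the path to `wp-content/plugins` as the first argument; an `unknown-version` result means the header could not be read and the copy should be inspected by hand.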