The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative access and achieve full site takeover via the auto-login endpoint with a predictable token.
The vulnerability results from improper implementation of the authentication algorithm in the 'wdk_generate_auto_login_link' function. The token generation mechanism used by this function is cryptographically weak, making the generated tokens predictable. An unauthenticated attacker can calculate or guess the correct token and then use the auto-login endpoint to log in as an administrator — without knowing the password or any credentials.
An attacker without any permissions can gain full administrative access to the WordPress site and take complete control over it, including modifying content, installing malicious plugins, stealing user data, or deploying backdoors.
The WP Directory Kit plugin must be immediately updated to a version higher than 1.4.4. A patch is available in the plugin repository (changeset 3400599). If immediate update is not possible, consider temporarily disabling the plugin.
The WP Directory Kit plugin for WordPress in all versions up to and including 1.4.4.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HWpdirectorykit Wp Directory Kit
APPWpdirectorykit≤ 1.4.4
Related vulnerabilities
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and includi...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in w...
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attrib...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirect...
Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Confi...