A vulnerability was found in WP Directory Kit Plugin up to 1.5.0 on WordPress. It has been declared as critical . This affects an unknown part. The manipulation results in sql injection. This vulnerability is known as CVE-2026-39531 . It is possible to launch the attack remotely. No exploit is available.