
CVE-2025-13390: WP Directory Kit Authentication Bypass #15291

Open
hevnsnt wants to merge 1 commit into projectdiscovery:main from hevnsnt:CVE-2025-13390

@hevnsnt hevnsnt commented Feb 11, 2026

Description

This template detects CVE-2025-13390, a critical authentication bypass vulnerability in the WP Directory Kit plugin for WordPress (version ≤ 1.4.4).

Vulnerability Details

  • CVSS Score: 10.0 (Critical)
  • CWE: CWE-287 (Improper Authentication)
  • Affected Product: WP Directory Kit WordPress plugin
  • Affected Versions: ≤ 1.4.4
  • Attack Vector: Network, Unauthenticated

Technical Details

The vulnerability exists in the auto-login functionality which uses a cryptographically weak token generation mechanism. The token is generated using only the first 10 characters of MD5(user_id). For user_id=1 (typically the admin account), the token is always predictable: c4ca4238a0.

Template Features

  • Exploitation-based detection (not version checking)
  • Reliable matcher: Checks for wordpress_logged_in_ cookie in response
  • max-request: 1 (efficient)
  • Verified: Tested against vulnerable instances

References

Testing

Template has been validated against vulnerable WordPress installations with WP Directory Kit ≤ 1.4.4 installed.
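
For defenders reading the token weakness described in the PR above, the sketch below is an added example, not the plugin's code and not part of this PR's template. It models the described derivation (first 10 hex characters of MD5 of the user ID) next to a keyed, expiring token; `SERVER_KEY`, `issue_token` and `verify_token` are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

def weak_token(user_id):
    """Scheme as described in the PR: first 10 hex chars of MD5(user_id).
    No secret is involved, so anyone who knows the ID can recompute it."""
    return hashlib.md5(str(user_id).encode()).hexdigest()[:10]

# Hypothetical server-side secret; a real deployment would persist it securely.
SERVER_KEY = secrets.token_bytes(32)

def _tag(message, key):
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()

def issue_token(user_id, ttl=300, now=None, key=SERVER_KEY):
    """Hardened form: HMAC-SHA256 over the user ID and an expiry timestamp."""
    current = time.time() if now is None else now
    expires = int(current + ttl)
    return f"{user_id}:{expires}:{_tag(f'{user_id}:{expires}', key)}"

def verify_token(token, now=None, key=SERVER_KEY):
    """Return the user ID for a valid, unexpired token, otherwise None."""
    try:
        uid_s, exp_s, tag = token.split(":")
        uid, expires = int(uid_s), int(exp_s)
    except ValueError:
        return None  # wrong field count or non-numeric fields
    expected = _tag(f"{uid_s}:{exp_s}", key)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    current = time.time() if now is None else now
    if current >= expires:
        return None
    return uid

if __name__ == "__main__":
    print("weak token for user 1:", weak_token(1))
    token = issue_token(1)
    print("hardened token verifies as user:", verify_token(token))
    print("weak token presented as tag:", verify_token(f"1:9999999999:{weak_token(1)}"))
```
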
