CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/03/11 12:15 p.m.•1 views

CVE-2026-3178

7.2CVSS0.00139EPSS

Vulnrichment•added 2026/03/11 11:9 a.m.•1 views

CVE-2026-3178 Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name'

CVE•added 2026/03/11 11:9 a.m.•4 views

CVE-2026-3178

The CVE concerns the WordPress Name Directory plugin (affected: all versions up to 1.32.1) and a Stored XSS via the name_directory_name parameter. The vulnerability stems from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject scripts into pages that...

ATTACKERKB•added 2026/03/11 11:9 a.m.•1 views

CVE-2026-3178

Cvelist•added 2026/03/11 11:9 a.m.•24 views

CVE-2026-3178 Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name'

7.2CVSS0.00139EPSS

Positive Technologies•added 2026/03/11 12:0 a.m.•1 views

PT-2026-24666

🚨 CVE-2026-3178 The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name directory name' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS6AI score0.00139EPSS

Exploits0References9

RedhatCVE•added 2026/02/11 1:16 p.m.•3 views

CVE-2026-1866

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling htmlentitydecode before wpkses, and then calling htmlentitydecode again on...

NVD•added 2026/02/10 10:15 a.m.•4 views

Exploits0References1

CVE-2026-1866

7.2CVSS0.00186EPSS

Cvelist•added 2026/02/10 9:26 a.m.•35 views

CVE-2026-1866 Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form

7.2CVSS0.00186EPSS

Vulnrichment•added 2026/02/10 9:26 a.m.•2 views

CVE-2026-1866 Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form

ATTACKERKB•added 2026/02/10 9:26 a.m.•3 views

CVE-2026-1866

CVE•added 2026/02/10 9:26 a.m.•7 views

CVE-2026-1866

The WordPress plugin Name Directory (vulnerable up to 1.32.0) is affected by a Stored XSS due to double HTML-entity encoding in its sanitization flow. The plugin decodes HTML entities before wp_kses and decodes output again, enabling unauthenticated attackers to inject scripts via the public subm...

Patchstack•added 2026/02/10 9:10 a.m.•4 views

WordPress Name Directory plugin <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form vulnerability

Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form vulnerability discovered by duy.thai in WordPress Plugin Name Directory versions = 1.32.0...

7.2CVSS5.4AI score0.00186EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/02/10 12:0 a.m.•4 views

PT-2026-7246

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling html entity decode before wp kses, and then calling html entity decode again...

7.2CVSS5.7AI score0.00186EPSS