18 matches found
CVE-2026-3178
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-3178
The CVE concerns the WordPress Name Directory plugin (affected: all versions up to 1.32.1) and a Stored XSS via the name_directory_name parameter. The vulnerability stems from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject scripts into pages that...
CVE-2026-1866 Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling html_entity_decode before wp_kses, and then calling html_entity_decode again on...
CVE-2026-1866
The WordPress plugin Name Directory (vulnerable up to 1.32.0) is affected by a Stored XSS due to double HTML-entity encoding in its sanitization flow. The plugin decodes HTML entities before wp_kses and decodes output again, enabling unauthenticated attackers to inject scripts via the public subm...
WordPress Name Directory plugin <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability
Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability discovered by zer0gh0st in WordPress Plugin Name Directory versions <= 1.30.3...
CVE-2025-15283
CVE-2025-15283 refers to the WordPress plugin Name Directory (versions up to 1.30.3) with a stored cross-site scripting (XSS) flaw in the name_directory_name and name_directory_description parameters. Public sources (Wordfence Intelligence) document unauthenticated exploitation and a high-severit...
CVE-2022-2072
The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well...
CVE-2025-39454 WordPress Name Directory plugin <= 1.30.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jeroen Peters Name Directory name-directory. This issue affects Name Directory: from n/a through <= 1.30.0...
WordPress Name Directory plugin <= 1.29.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Name Directory versions <= 1.29.0...
CVE-2023-22692
Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions...
CVE-2023-22692
CVE-2023-22692 : Cross-Site Request Forgery (CSRF) in the WordPress plugin “Name Directory” (Jeroen Peters) affecting versions
CVE-2023-22692 WordPress Name Directory Plugin <= 1.27.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions...
PT-2023-18637 · Unknown · Jeroen Peters Name Directory Plugin
Name of the Vulnerable Software and Affected Versions: Jeroen Peters Name Directory plugin versions 1.27.1 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them. PoC As admin, Import the following CSV...