4 matches found
CVE-2022-2072
CVE-2022-2072 affects the WordPress Name Directory plugin prior to 1.25.3. The vulnerability arises from insufficient sanitization/escaping of a parameter output back to the page, causing both Reflected and Stored XSS (payloads are saved to the database after the request). Connected sources confi...
CVE-2022-2071
CVE-2022-2071 affects the WordPress Name Directory plugin (versions prior to 1.25.4). The root cause is missing CSRF checks and insufficient sanitisation/escaping in imported data, enabling a logged-in admin to import names containing XSS payloads (stored XSS). Exploitation details in connected s...
CVE-2021-20652
CVE-2021-20652 is the WordPress Name Directory plugin CSRF vulnerability affecting versions 1.17.4 and earlier. A remote attacker could hijack an administrator’s session via cross-site requests; vectors are not specified in the provided documents. Remediation per connected sources is to update th...
CVE-2023-22692
CVE-2023-22692 : Cross-Site Request Forgery (CSRF) in the WordPress plugin “Name Directory” (Jeroen Peters) affecting versions