Lucene search
Donato Di PasqualeWPVDB-ID:D3653976-9E0A-4F2B-87F7-26B5E7A74B9DHistoryJul 04, 2022 - 12:00 a.m.
Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF
2022-07-0400:00:00
Donato Di Pasquale
wpscan.com
8
0.001 Low
EPSS
Percentile
26.5%
The plugin does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them.
PoC
As admin, Import the following CSV “name”,“description”,“submitter” ‘">’,‘">’,‘">’
| CPE | Name | Operator | Version |
|---|---|---|---|
| name-directory | lt | 1.25.4 |
Related
nvd
nvd
CVE-2022-2071
2022-07-25 13:15:08
wpexploit
wpexploit
Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF
2022-07-04 00:00:00
cvelist
cvelist
CVE-2022-2071 Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF
2022-07-25 12:46:28
patchstack
patchstack
prion
prion
Cross site request forgery (csrf)
2022-07-25 13:15:00
cnvd
cnvd
WordPress plugin Name Directory跨站请求伪造漏洞
2022-07-27 00:00:00
cve
cve
CVE-2022-2071
2022-07-25 13:15:08