Vulnerabilities and security researches forname-directory name-directory

Apr 21, 2025

CVE, Research URL: CVE-2025-39454
Home page URL: Security reports for Name Directory
Application: Name Directory
Date: -
Research Description: Name Directory [name-directory] < 1.30.1 CVE-2025-39454
Affected versions: Min -, max -.
Status: vulnerable

Aug 30, 2024

CVE, Research URL: CVE-2024-43938
Home page URL: Security reports for Name Directory
Application: Name Directory
Date: Sep 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Peters Name Directory allows Reflected XSS.This issue affects Name Directory: from n/a through 1.29.0.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2021-20652
Home page URL: Security reports for Name Directory
Application: Name Directory
Date: Feb 05, 2021
Research Description: Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-22692
Home page URL: Security reports for Name Directory
Application: Name Directory
Date: May 22, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-2072
Home page URL: Security reports for Name Directory
Application: Name Directory
Date: Jul 25, 2022
Research Description: The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-2071
Home page URL: Security reports for Name Directory
Application: Name Directory
Date: Jul 25, 2022
Research Description: The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them.
Affected versions: Min -, max -.
Status: vulnerable