cleantalk
Vulnerabilities and Security Researches

Name Directory, CVE-2022-2071

CVE, Research URL

CVE-2022-2071

Home page URL

Security reports for Name Directory

Application

Name Directory

Published on
Jul 25, 2022
Research Description
The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them.
Affected versions
Min -, max 1.25.4.
Status
vulnerable
Previous vulnerability researches
Name Directory (CVE-2024-43938) , Aug 30, 2024
Name Directory (CVE-2025-39454) , Apr 21, 2025
Name Directory (CVE-2021-20652) , Jun 07, 2024
Name Directory (CVE-2023-22692) , Jun 07, 2024
Name Directory (CVE-2022-2072) , Jun 07, 2024
New vulnerability
Simple Sitemap – Create a Responsive HTML Sitemap (CVE-2025-39413) , Apr 22, 2025
WooCommerce Shipping & Tax , Apr 21, 2025
Name Directory (CVE-2025-39454) , Apr 21, 2025
SB Chart block (CVE-2025-3661) , Apr 20, 2025
Themesflat Addons For Elementor (CVE-2025-3275) , Apr 20, 2025