cleantalk
Vulnerabilities and Security Researches

Name Directory, CVE-2022-2072

CVE, Research URL

CVE-2022-2072

Home page URL

Security reports for Name Directory

Application

Name Directory

Published on
Jul 25, 2022
Research Description
The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well
Affected versions
Min -, max 1.25.5.
Status
vulnerable
Previous vulnerability researches
Name Directory (CVE-2024-43938) , Aug 30, 2024
Name Directory (CVE-2025-39454) , Apr 21, 2025
Name Directory (CVE-2021-20652) , Jun 07, 2024
Name Directory (CVE-2023-22692) , Jun 07, 2024
Name Directory (CVE-2022-2072) , Jun 07, 2024
New vulnerability
Simple Sitemap – Create a Responsive HTML Sitemap (CVE-2025-39413) , Apr 22, 2025
WooCommerce Shipping & Tax , Apr 21, 2025
Name Directory (CVE-2025-39454) , Apr 21, 2025
SB Chart block (CVE-2025-3661) , Apr 20, 2025
Themesflat Addons For Elementor (CVE-2025-3275) , Apr 20, 2025