CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43938 – WordPress Name Directory plugin <= 1.29.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43938
26 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Peters Name Directory allows Reflected XSS.This issue affects Name Directory: from n/a through 1.29.0. The Name Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that e... • https://patchstack.com/database/vulnerability/name-directory/wordpress-name-directory-plugin-1-29-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22692 – WordPress Name Directory Plugin <= 1.27.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22692
23 Jan 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions. The Name Directory plugin for WordPress is vulnerable to Cross Site Request Forgery in versions up to, and including, 1.27.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cross-Site Request Forgery ... • https://patchstack.com/database/vulnerability/name-directory/wordpress-name-directory-plugin-1-27-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2071 – Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF
https://notcve.org/view.php?id=CVE-2022-2071
28 Jun 2022 — The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them. El plugin Name Directory de WordPress versiones anteriores a 1.25.4, no presenta comprobación de tipo CSRF cuando son importados nombres, y también carece de saneo así como de escapes en algunos de los datos importados, lo que p... • https://wpscan.com/vulnerability/d3653976-9e0a-4f2b-87f7-26b5e7a74b9d • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2072 – Name Directory < 1.25.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2072
08 May 2022 — The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well El plugin Name Directory de WordPress versiones anteriores a 1.25.3 no sanea y escapa de un parámetro antes de devolverlo a la página, conllevando a un ataque de tipo Cross-Site Scripting Reflejado. Además, como la carga útil... • https://wpscan.com/vulnerability/3014540c-21b3-481c-83a1-ce3017151af4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20652 – Name Directory <= 1.17.4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2021-20652
05 Feb 2021 — Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Name Directory versiones 1.17.4 y anteriores, permite a atacantes remotos secuestrar la autenticación de los administradores por medio de vectores no especificados Cross-site request forgery vulnerability in Name Directory 1.17.4 and earlier allows remote attackers t... • https://jvn.jp/en/jp/JVN50470170/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •