CVE-2022-2071

Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them.

El plugin Name Directory de WordPress versiones anteriores a 1.25.4, no presenta comprobación de tipo CSRF cuando son importados nombres, y también carece de saneo así como de escapes en algunos de los datos importados, lo que podría permitir a atacantes hacer que un administrador conectado importe nombres arbitrarios con cargas útiles de tipo XSS en ellos

The Name Directory plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.25.3. This is due to missing or incorrect nonce validation when editing, deleting or naming directories. This makes it possible for unauthenticated attackers to trigger the above actions via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

*Credits: Donato Di Pasquale

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-06-13 CVE Reserved
2022-06-28 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-352: Cross-Site Request Forgery (CSRF)

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://wpscan.com/vulnerability/d3653976-9e0a-4f2b-87f7-26b5e7a74b9d	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Name Directory Project Search vendor "Name Directory Project"		Name Directory Search vendor "Name Directory Project" for product "Name Directory"				< 1.25.4 Search vendor "Name Directory Project" for product "Name Directory" and version " < 1.25.4"		wordpress		Affected