VYPR

Name Directory

by WordPress

Source repositories

CVEs (8)

  • CVE-2024-43938MedSep 17, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters Name Directory name-directory.This issue affects Name Directory: from n/a through <= 1.29.0.

  • CVE-2026-3178HigMar 11, 2026
    risk 0.40cvss 7.2epss 0.00

    The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2026-1866HigFeb 10, 2026
    risk 0.40cvss 7.2epss 0.00

    The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling `html_entity_decode()` before `wp_kses()`, and then…

  • CVE-2025-15283HigJan 14, 2026
    risk 0.40cvss 7.2epss 0.00

    The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' and 'name_directory_description' parameters in all versions up to, and including, 1.30.3 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2025-39454MedMay 19, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Jeroen Peters Name Directory name-directory.This issue affects Name Directory: from n/a through <= 1.30.0.

  • CVE-2023-22692May 22, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions.

  • CVE-2022-2072Jul 25, 2022
    risk 0.00cvss epss 0.01

    The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS…

  • CVE-2022-2071Jul 25, 2022
    risk 0.00cvss epss 0.00

    The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in…