CVE-2022-2071: CSRF
First published: Mon Jul 25 2022(Updated: )
The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Name Directory Project Name Directory | <1.25.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Name Directory WordPress plugin vulnerability?
The vulnerability ID for this Name Directory WordPress plugin vulnerability is CVE-2022-2071.
What is the severity of CVE-2022-2071?
The severity of CVE-2022-2071 is medium with a CVSS score of 6.1.
What is the affected software?
The affected software is the Name Directory WordPress plugin version up to 1.25.4.
What is the risk of this vulnerability?
This vulnerability allows attackers to import arbitrary names with XSS payloads in them, potentially leading to cross-site scripting attacks.
Is there a fix available for this vulnerability?
Yes, updating the Name Directory WordPress plugin to version 1.25.4 or higher will fix this vulnerability.
- collector/nvd-index
- vendor/name directory project
- canonical/name directory project name directory