The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/d3653976-9e0a-4f2b-87f7-26b5e7a74b9d | Exploit Third Party Advisory |
Configurations
History
29 Jul 2022, 16:41
Type | Values Removed | Values Added |
---|---|---|
First Time |
Name Directory Project
Name Directory Project name Directory |
|
References | (MISC) https://wpscan.com/vulnerability/d3653976-9e0a-4f2b-87f7-26b5e7a74b9d - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:name_directory_project:name_directory:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
25 Jul 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-25 13:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2071
Mitre link : CVE-2022-2071
CVE.ORG link : CVE-2022-2071
JSON object : View
Products Affected
name_directory_project
- name_directory
CWE
CWE-352
Cross-Site Request Forgery (CSRF)