CVE-2022-2071 — MEDIUM (6.1)

Q: How severe is CVE-2022-2071?

CVE-2022-2071 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-2071?

Check the references section above for vendor advisories and patch information. Affected products include: Name Directory Project Name Directory.

Vulnerability Description

The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Name Directory Project	Name Directory	< 1.25.4

Related Weaknesses (CWE)

CWE-352

References

https://wpscan.com/vulnerability/d3653976-9e0a-4f2b-87f7-26b5e7a74b9dExploitThird Party Advisory
https://wpscan.com/vulnerability/d3653976-9e0a-4f2b-87f7-26b5e7a74b9dExploitThird Party Advisory

FAQ

What is CVE-2022-2071?

CVE-2022-2071 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow at...

How severe is CVE-2022-2071?

CVE-2022-2071 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-2071?

Check the references section above for vendor advisories and patch information. Affected products include: Name Directory Project Name Directory.