Name Directory

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Name Directory

Information

Software Type Plugin
Software Slug name-directory (view on wordpress.org)
Software Status Active
Software Author jeroenpeters1986
Software Website jeroenpeters.dev
Software Downloads 161,907
Software Active Installs 3,000
Software Record Last Updated June 18, 2026

10 Vulnerabilities

Submit a Vulnerability
Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name'
7.2
CVE-2026-3178
Mar 10, 2026
Researcher: Youssef Elouaer
Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form
7.2
CVE-2026-1866
Feb 9, 2026
Researcher: duy.thai
Name Directory <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters
7.2
CVE-2025-15283
Jan 13, 2026
Researcher: zer0gh0st
Name Directory <= 1.30.0 - Missing Authorization
4.3
CVE-2025-39454
Apr 17, 2025
Researcher: Trương Hữu Phúc (truonghuuphuc)
Name Directory <= 1.29.0 - Reflected Cross-Site Scripting
6.1
CVE-2024-43938
Aug 26, 2024
Researcher: LVT-tholv2k
Name Directory <= 1.27.1 - Cross Site Request Forgery
4.3
CVE-2023-22692
Jan 23, 2023
Researcher: NeginNrb
Name Directory <= 1.25.4 - Unauthorized Settings Update
6.3
CVE ID Unknown
Jul 15, 2022
Researchers:
Name Directory <= 1.25.3 - Cross-Site Request Forgery
8.8
CVE-2022-2071
Jun 28, 2022
Researchers:
Name Directory <= 1.25.2 - Cross-Site Scripting
6.1
CVE-2022-2072
May 8, 2022
Researcher: Donato Di Pasquale
Name Directory <= 1.17.4 - Cross-Site Request Forgery
8.8
CVE-2021-20652
Feb 5, 2021
Researcher: Yuta Asai
Title Status CVE ID CVSS Researchers Date
Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' Patched CVE-2026-3178 7.2 Youssef Elouaer March 10, 2026
Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form Patched CVE-2026-1866 7.2 duy.thai February 9, 2026
Name Directory <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters Patched CVE-2025-15283 7.2 zer0gh0st January 13, 2026
Name Directory <= 1.30.0 - Missing Authorization Patched CVE-2025-39454 4.3 Trương Hữu Phúc (truonghuuphuc) April 17, 2025
Name Directory <= 1.29.0 - Reflected Cross-Site Scripting Patched CVE-2024-43938 6.1 LVT-tholv2k August 26, 2024
Name Directory <= 1.27.1 - Cross Site Request Forgery Patched CVE-2023-22692 4.3 NeginNrb January 23, 2023
Name Directory <= 1.25.4 - Unauthorized Settings Update Patched 6.3 July 15, 2022
Name Directory <= 1.25.3 - Cross-Site Request Forgery Patched CVE-2022-2071 8.8 June 28, 2022
Name Directory <= 1.25.2 - Cross-Site Scripting Patched CVE-2022-2072 6.1 Donato Di Pasquale May 8, 2022
Name Directory <= 1.17.4 - Cross-Site Request Forgery Patched CVE-2021-20652 8.8 Yuta Asai February 5, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation