WordPress Plugin Vulnerabilities

Name Directory < 1.25.4 - Arbitrary Directory/Name Deletion via CSRF

Description

The plugin does not have CSRF checks in place when deleting Directories and Names, which could allow attackers to make a logged in admin delete them via a CSRF attack

Proof of Concept

Affects Plugins

Plugin icon
name-directory
Fixed in 1.25.4

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
9a9e0665-7a36-4d96-9295-5b7ec626661a

Timeline

Publicly Published
2022-07-04 (about 3 years ago)
Added
2022-07-04 (about 3 years ago)
Last Updated
2022-07-04 (about 3 years ago)

Other

Published
Title
Published
2024-08-01
Title
Tutor LMS < 2.7.3 - Cross-Site Request Forgery
Published
2025-06-27
Title
Relocate Upload <= 0.24.1 - Cross-Site Request Forgery
Published
2019-07-18
Title
Category Specific RSS feed Subscription <= 2.0 - Cross-Site Request Forgery (CSRF)
Published
2025-06-12
Title
Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2021-06-30
Title
YITH Request a Quote for WooCommerce < 1.6.4 - Unauthorised AJAX call via CSRF