Name Directory < 1.18 – Cross-Site Request Forgery (CSRF)

Affects Plugins

name-directory

Fixed in 1.18

References

URL

https://jvn.jp/en/jp/JVN50470170/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Yuta Asai

Verified

No

WPVDB ID

cfaaa828-20d1-4d68-83af-bae589ed8db4

Timeline

Publicly Published

2021-02-05 (about 5 years ago)

Added

2021-02-05 (about 5 years ago)

Last Updated

2021-02-06 (about 5 years ago)

Other

Published

Title

Published

2025-09-22

Title

Grid < 2.3.2 - Cross-Site Request Forgery

Published

2024-11-22

Title

Simple Travel Map <= 0.1 - Cross-Site Request Forgery

Published

2021-04-16

Title

404 SEO Redirection <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

Published

2023-01-27

Title

Exclusive Addons Elementor < 2.6.2 - Arbitrary Uninstall Reason Feedback via CSRF

Published

2023-11-21

Title

UserPro < 5.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata