CVE-2022-2071

Name of the Vulnerable Software and Affected Versions The Name Directory WordPress plugin versions prior to 1.25.4

Description The issue concerns a lack of CSRF check when importing names and inadequate sanitisation and escaping of imported data. This could allow attackers to make a logged-in admin import arbitrary names containing XSS payloads.

Recommendations For versions prior to 1.25.4, update to version 1.25.4 or later to resolve the issue. As a temporary workaround, consider restricting the import functionality to minimize the risk of exploitation. Avoid using the import feature with untrusted data until the issue is resolved.