CVE-2025-15283

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Name Directory plugin for WordPress versions through 1.30.3

Description The Name Directory plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the name directory name and name directory description parameters. This allows unauthenticated attackers to inject arbitrary web scripts into pages. When a user accesses an injected page, the scripts will execute.

Recommendations Update the Name Directory plugin to a version later than 1.30.3.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-15283

Affected Products

Name Directory

CVE-2025-15283

Weakness Enumeration

Related Identifiers

Affected Products

References · 8