Name Directory

Vulnerabilities 15Slug name-directoryLatest version 1.33.1WordPress.org →

Minimum safe version

1.33.0

Update to 1.33.0 or later to address 15 fixable vulnerabilities

Latest available1.33.1 ✓

N/A

2026-02-09< 1.32.1

Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form

Wordfence CVE

N/A

2026-03-10< 1.33.0

Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name'

Wordfence CVE

High 7.2

2026-01-14< 1.31.0

CVE-2025-15283

CVE Wordfence

Medium 4.3

2025-05-19< 1.30.1

CVE-2025-39454

CVE EUVD Patchstack Wordfence

High 7.1

2024-09-17< 1.29.1

CVE-2024-43938

CVE Patchstack Wordfence

N/A

< 1.18

Name Directory < 1.18 - Cross-Site Request Forgery (CSRF)

WPScan

N/A

< 1.25.4

Name Directory < 1.25.4 - Arbitrary Directory/Name Deletion via CSRF

WPScan

N/A

< 1.25.5

Name Directory < 1.25.5 - Stored Cross-Site Scripting via CSRF

WPScan

Medium 4.3

2023-05-22< 1.27.2

CVE-2023-22692

CVE Wordfence Patchstack WPScan

N/A

2022-07-15< 1.25.5

Name Directory <= 1.25.4 - Unauthorized Settings Update

Wordfence

N/A

2022-07-18< 1.25.5

WordPress Name Directory plugin <= 1.25.4 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

Medium 6.1

2022-07-25< 1.25.4

CVE-2022-2072

CVE Patchstack Wordfence WPScan

Medium 6.1

2022-07-25< 1.25.4

CVE-2022-2071

CVE Patchstack Wordfence WPScan

N/A

2022-06-28< 1.25.4

WordPress Name Directory plugin <= 1.25.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Patchstack

High 8.8

2025-10-03< 1.18

CVE-2021-20652

EUVD CVE JVN Wordfence Patchstack