CVE-2022-2072 Information

Description

The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting. Furthermore as the payload is also saved into the database after the request it leads to a Stored XSS as well

Reference

https://wpscan.com/vulnerability/3014540c-21b3-481c-83a1-ce3017151af4