CVE-2024-43938 — Vulnetix

CVE-2024-43938 PUBLISHED CVSS 9.300000190734863 CRITICAL

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Peters Name Directory allows Reflected XSS.This issue affects Name Directory: from n/a through 1.29.0.

EPSS 0.30% · 53.3th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.30%

53.3th percentile

Affected Products

Vendor	Product	Versions
Jeroen Peters	Name Directory	0

Timeline

Aug 26, 2024 VulnCheck KEV Exploitation
Sep 17, 2024 CVE Published
Sep 18, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 8, 2024 EPSS Score
Oct 27, 2024 EPSS Score
Nov 16, 2024 EPSS Score
Dec 6, 2024 EPSS Score
Dec 26, 2024 EPSS Score
Jan 14, 2025 EPSS Score
Feb 3, 2025 EPSS Score
Feb 26, 2025 Coalition ESS Score

References

https://patchstack.com/database/Wordpress/Plugin/name-directory/vulnerability/wordpress-name-directory-plugin-1-29-0-cross-site-scripting-xss-vulnerability?_s_id=cve vdb
https://nvd.nist.gov/vuln/detail/CVE-2024-43938 advisory
https://patchstack.com/database/vulnerability/name-directory/wordpress-name-directory-plugin-1-29-0-cross-site-scripting-xss-vulnerability?_s_id=cve url

Open in Interactive Console →