Missing Authorization Vulnerability in Jeroen Peters Name Directory
CVE-2025-39454
4.3MEDIUM
What is CVE-2025-39454?
A missing authorization vulnerability exists in Jeroen Peters Name Directory, which could allow unauthorized users to gain access to restricted functionality. This issue is identified in the Name Directory plugin prior to version 1.30.0, potentially compromising user data and operations within the application. Website administrators are advised to examine their WordPress plugins and apply necessary updates to mitigate risks associated with unauthorized access.
Affected Version(s)
Name Directory <= 1.30.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc / truonghuuphuc (Patchstack Alliance)