Does Name Directory have any unpatched vulnerabilities?

No. All known vulnerabilities in Name Directory have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Name Directory compatible with WordPress 7.0?

According to WordPress.org data, Name Directory 1.33.0 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

Is Name Directory compatible with PHP 5.3+?

Name Directory requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Name Directory updated?

Name Directory was last updated on Mar 9, 2026. Frequent updates are generally a positive security signal.

What is Name Directory's security score?

Name Directory has a WP-Safety security score of 88/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Name Directory Security & Risk Analysis

wordpress.org/plugins/name-directory

Name directory (glossary) with many options like multiple directories, integrated search, non-latin characters, recaptcha, HTML editor and many more.

3K active installs v1.33.0 PHP 5.3+ WP 3.0.1+ Updated Mar 9, 2026

dictionarydirectoryglossaryindexnames

A · Safe

CVEs total10

Unpatched0

Last CVEMar 10, 2026

Plugin page Download

Safety Verdict

Is Name Directory Safe to Use in 2026?

Generally Safe

Score 88/100

Name Directory has a strong security track record. Known vulnerabilities have been patched promptly.

10 known CVEsLast CVE: Mar 10, 2026Updated 25d ago

Risk Assessment

The "name-directory" v1.33.0 plugin exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for a majority of its SQL queries and implementing nonce and capability checks on its entry points, several concerning areas require attention. The static analysis reveals a significant number of taint flows with unsanitized paths, with 7 high-severity flows, suggesting potential for injection vulnerabilities that could be exploited if these paths are exposed to user input. Furthermore, a concerning 69% of output escaping is not properly performed, which opens the door to Cross-Site Scripting (XSS) vulnerabilities.

The vulnerability history is particularly troubling, with 10 known CVEs, including 5 high-severity and 5 medium-severity ones. The common vulnerability types (Missing Authorization, CSRF, XSS) align with the static analysis findings regarding unsanitized paths and output escaping. While there are currently no unpatched CVEs, the sheer volume and nature of past vulnerabilities indicate a recurring pattern of security weaknesses within the plugin. The most recent vulnerability reported in 2026 suggests a potential for outdated security patches if not diligently managed.

In conclusion, while the plugin has adopted some secure coding practices, the high number of unsanitized taint flows and insufficient output escaping, coupled with a history of significant past vulnerabilities, present a considerable risk. The current lack of unpatched CVEs is a positive sign, but the underlying code issues and historical patterns suggest ongoing vigilance and potential for future vulnerabilities if not addressed.

Key Concerns

High severity taint flows
Insufficient output escaping
High number of past high/medium CVEs

Vulnerabilities

Name Directory Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

3 CVEs in 2022

2022

1 CVE in 2023

2023

1 CVE in 2024

2024

1 CVE in 2025

2025

3 CVEs in 2026

2026

Patched Has unpatched

Severity Breakdown

High

Medium

10 total CVEs

CVE-2026-3178high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name'

Mar 10, 2026 Patched in 1.33.0 (1d)

CVE-2026-1866high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form

Feb 9, 2026 Patched in 1.32.1 (1d)

CVE-2025-15283high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Name Directory <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters

Jan 13, 2026 Patched in 1.31.0 (21d)

CVE-2025-39454medium · 4.3Missing Authorization

Name Directory <= 1.30.0 - Missing Authorization

Apr 17, 2025 Patched in 1.30.1 (5d)

CVE-2024-43938medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Name Directory <= 1.29.0 - Reflected Cross-Site Scripting

Aug 26, 2024 Patched in 1.29.1 (10d)

CVE-2023-22692medium · 4.3Cross-Site Request Forgery (CSRF)

Name Directory <= 1.27.1 - Cross Site Request Forgery

Jan 23, 2023 Patched in 1.27.2 (365d)

WF-a57675f0-d840-4954-b86e-a9fbc1483bc7-name-directorymedium · 6.3Missing Authorization

Name Directory <= 1.25.4 - Unauthorized Settings Update

Jul 15, 2022 Patched in 1.25.5 (557d)

CVE-2022-2071high · 8.8Cross-Site Request Forgery (CSRF)

Name Directory <= 1.25.3 - Cross-Site Request Forgery

Jun 28, 2022 Patched in 1.25.4 (574d)

CVE-2022-2072medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Name Directory <= 1.25.2 - Cross-Site Scripting

May 8, 2022 Patched in 1.25.3 (625d)

CVE-2021-20652high · 8.8Cross-Site Request Forgery (CSRF)

Name Directory <= 1.17.4 - Cross-Site Request Forgery

Feb 5, 2021 Patched in 1.18 (1082d)

Code Analysis

Analyzed Mar 16, 2026

Name Directory Code Analysis

Dangerous Functions

Raw SQL Queries

26 prepared

Unescaped Output

193

87 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

84% prepared31 total queries

Output Escaping

31% escaped280 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

11 flows8 with unsanitized paths

name_directory_show_directory (shortcode.php:265)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Name Directory Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 2

authwp_ajax_name_directory_ajax_namesadmin.php:7

authwp_ajax_name_directory_switch_name_published_statusadmin.php:8

Shortcodes 3

[namedirectory] shortcode.php:581

[namedirectory_random] shortcode.php:624

[namedirectory_single] shortcode.php:653

WordPress Hooks 11

actionadmin_menuadmin.php:5

actionadmin_enqueue_scriptsadmin.php:6

actionadmin_menuadmin_general_settings.php:14

actionadmin_initadmin_general_settings.php:15

actionadmin_noticesindex.php:70

actionmembers_register_capsindex.php:91

actionplugins_loadedindex.php:108

actionwp_enqueue_scriptsshortcode.php:5

filterscript_loader_tagshortcode.php:22

filterposts_whereshortcode.php:721

filterrelevanssi_whereshortcode.php:738

Maintenance & Trust

Name Directory Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedMar 9, 2026

PHP min version5.3

Downloads158K

Community Trust

Rating98/100

Number of ratings79

Active installs3K

Alternatives

Name Directory Alternatives

Lexicographer

lexicographer

Lexicographer creates an alphabetical index of your blog, using keywords you choose. The index can be included in any page, post or text widget.

20 No CVEs

3task Glossary – Dictionary, Wiki & Knowledge Base

3task-glossary

100

Create glossaries, dictionaries & knowledge bases using WordPress pages. A-Z navigation, auto-linking, dark mode. No database, just pages.

0 No CVEs

Easy Glossary

easy-glossary

100

A lightweight, flexible glossary plugin that auto-links terms, shows tooltips, and provides an index shortcode.

0 No CVEs

CM Tooltip Glossary

enhanced-tooltipglossary

Transform jargon into engaging content that boosts SEO, drives engagement, improves conversions, with automatic links and tooltips.

8K 7 CVEs

Heroic Glossary – Block for building Glossaries, Dictionaries and more

heroic-glossary

100

The best WordPress glossary builder plugin to create and manage your own glossary of terms.

4K No CVEs

Developer Profile

Name Directory Developer Profile

Jeroen Peters

4 plugins · 7K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

272 days

View full developer profile

Detection Fingerprints

How We Detect Name Directory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/name-directory/css/name-directory-admin.css/wp-content/plugins/name-directory/css/name-directory.css/wp-content/plugins/name-directory/css/name-directory-admin-settings.css/wp-content/plugins/name-directory/js/name-directory-admin.js/wp-content/plugins/name-directory/js/name-directory.js

Script Paths

/wp-content/plugins/name-directory/js/name-directory-admin.js/wp-content/plugins/name-directory/js/name-directory.js

Version Parameters

name-directory/css/name-directory-admin.css?ver=name-directory/css/name-directory.css?ver=name-directory/css/name-directory-admin-settings.css?ver=name-directory/js/name-directory-admin.js?ver=name-directory/js/name-directory.js?ver=

HTML / DOM Fingerprints

CSS Classes

name-directory-admin-settingsname-directory-form-errorsname-directory-add-new-formname-directory-entries-tablename-directory-table-namename-directory-table-directoryname-directory-table-publishedname-directory-table-edit+7 more

HTML Comments

+2 more

Data Attributes

data-name-directory-iddata-nonce

JS Globals

name_directory_ajax_object

REST Endpoints

/wp-json/name-directory/v1/names/wp-json/name-directory/v1/directories

Shortcode Output

<div class="name-directory-single-name"><div class="name-directory-search"><form method="post" id="name-directory-search-form"><input type="text" name="search" id="name-directory-search-input" placeholder="Search names...">

FAQ