Vulnerability Description
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smackcoders | Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | < 6.4.3 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2662897Release NotesThird Party Advisory
- https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51fExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2662897Release NotesThird Party Advisory
- https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51fExploitThird Party Advisory
FAQ
What is CVE-2022-0360?
CVE-2022-0360 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious o...
How severe is CVE-2022-0360?
CVE-2022-0360 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0360?
Check the references section above for vendor advisories and patch information. Affected products include: Smackcoders Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv.