Vulnerability Description
The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ultimate Woocommerce Csv Importer Project | Ultimate Woocommerce Csv Importer | <= 2.0 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/13bb796f-7a17-47c9-a46f-a1d6ca4b6b91ExploitThird Party Advisory
- https://wpscan.com/vulnerability/13bb796f-7a17-47c9-a46f-a1d6ca4b6b91ExploitThird Party Advisory
FAQ
What is CVE-2022-1470?
CVE-2022-1470 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
How severe is CVE-2022-1470?
CVE-2022-1470 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1470?
Check the references section above for vendor advisories and patch information. Affected products include: Ultimate Woocommerce Csv Importer Project Ultimate Woocommerce Csv Importer.