Vulnerability Description
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.
CVSS Score
8.0
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codection | Import And Export Users And Customers | < 1.20.5 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csvPatchThird Party Advisory
- https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6ExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csvPatchThird Party Advisory
- https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6ExploitThird Party Advisory
FAQ
What is CVE-2022-3558?
CVE-2022-3558 is a vulnerability with a CVSS score of 8.0 (HIGH). The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.
How severe is CVE-2022-3558?
CVE-2022-3558 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3558?
Check the references section above for vendor advisories and patch information. Affected products include: Codection Import And Export Users And Customers.