CVE-2022-1255

The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:codection:import_and_export_users_and_customers:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2022-05-02 16:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-1255

Mitre link : CVE-2022-1255

CVE.ORG link : CVE-2022-1255


JSON object : View

Products Affected

codection

  • import_and_export_users_and_customers
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')