The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2022-05-02 16:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-1255
Mitre link : CVE-2022-1255
CVE.ORG link : CVE-2022-1255
JSON object : View
Products Affected
codection
- import_and_export_users_and_customers
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')