The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escape imported comments, which could allow high privilege users to import malicious ones (either intentionally or not) and lead to Stored Cross-Site Scripting issues.
References
| Link | Resource |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2662897 | Release Notes, Third Party Advisory |
| https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51f | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-02-28T09:06:48
Updated: 2022-02-28T09:06:48
Reserved: 2022-01-25T00:00:00
Link: CVE-2022-0360
NVD Information
Status: Analyzed
Published: 2022-02-28T09:15:09.043
Modified: 2023-06-07T02:43:44.747
Link: CVE-2022-0360
Redhat Information
No data.
CWE