The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-05-02T16:05:52
Updated: 2022-05-02T16:05:52
Reserved: 2022-04-06T00:00:00
Link: CVE-2022-1255
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-02T16:15:08.897
Modified: 2022-05-09T14:08:27.740
Link: CVE-2022-1255
JSON object: View
Redhat Information
No data.
CWE