Описание
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues
Ссылки
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.4.3 (исключая)
cpe:2.3:a:smackcoders:import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv:*:*:*:*:wordpress:*:*:*
EPSS
Процентиль: 43%
0.00206
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
почти 4 года назад
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues
EPSS
Процентиль: 43%
0.00206
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79