exploitDog

CVE-2022-1255

Опубликовано: 02 мая 2022

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues

Ссылки

https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codection:import_and_export_users_and_customers:*:*:*:*:*:wordpress:*:*

Версия до 1.19.2.1 (исключая)

EPSS

Процентиль: 42%

0.00203

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-rpvx-26c5-mcwr

CVSS3: 4.8

github

почти 4 года назад

The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues

EPSS

Процентиль: 42%

0.00203

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79