CVE-2022-0360

The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues
References
Link Resource
https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51f Exploit Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2662897 Release Notes Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:smackcoders:easy_drag_and_drop_all_import:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-02-28 01:15

Updated : 2022-03-08 08:36


NVD link : CVE-2022-0360

Mitre link : CVE-2022-0360


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

smackcoders

  • easy_drag_and_drop_all_import