CVE-2022-0360

The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
smackcodersimport_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv
𝑥
< 6.4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset/2662897
https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51f
https://plugins.trac.wordpress.org/changeset/2662897
https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51f