CVE-2022-0360

The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues
Configurations

Configuration 1 (hide)

cpe:2.3:a:smackcoders:import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv:*:*:*:*:wordpress:*:*:*

History

21 Nov 2024, 06:38

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/changeset/2662897 - Release Notes, Third Party Advisory () https://plugins.trac.wordpress.org/changeset/2662897 - Release Notes, Third Party Advisory
References () https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51f - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51f - Exploit, Third Party Advisory

07 Jun 2023, 02:43

Type Values Removed Values Added
CPE cpe:2.3:a:smackcoders:easy_drag_and_drop_all_import:*:*:*:*:*:wordpress:*:* cpe:2.3:a:smackcoders:import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv:*:*:*:*:wordpress:*:*:*

08 Mar 2022, 16:36

Type Values Removed Values Added
CPE cpe:2.3:a:smackcoders:easy_drag_and_drop_all_import:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 4.8
References (MISC) https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51f - (MISC) https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51f - Exploit, Third Party Advisory
References (CONFIRM) https://plugins.trac.wordpress.org/changeset/2662897 - (CONFIRM) https://plugins.trac.wordpress.org/changeset/2662897 - Release Notes, Third Party Advisory

28 Feb 2022, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-28 09:15

Updated : 2024-11-21 06:38


NVD link : CVE-2022-0360

Mitre link : CVE-2022-0360

CVE.ORG link : CVE-2022-0360


JSON object : View

Products Affected

smackcoders

  • import_all_pages\,_post_types\,_products\,_orders\,_and_users_as_xml_\&_csv
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')