Lucene search
China National Vulnerability DatabaseCNVD-2022-19809HistoryMar 02, 2022 - 12:00 a.m.
WordPress WP Ultimate CSV Importer plugin跨站脚本漏洞
2022-03-0200:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
0.001 Low
EPSS
Percentile
31.6%
WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of WordPress WP Ultimate CSV Importer plugin prior to 6.4.3. The vulnerability stems from the plugin’s inability to clean and escape imported comments, which can be exploited by attackers to import malicious comments and perform cross-site scripting attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| WordPress1 WP Ultimate CSV Importer Plugin | lt | 6.4.3 |
Related
wpvulndb
wpvulndb
WP Ultimate CSV Importer < 6.4.3 - Admin+ Stored Cross-Site Scripting
2022-01-26 00:00:00
cve
cve
CVE-2022-0360
2022-02-28 09:15:09
prion
prion
Cross site scripting
2022-02-28 09:15:00
nvd
nvd
CVE-2022-0360
2022-02-28 09:15:09
cvelist
cvelist
wpexploit
wpexploit
WP Ultimate CSV Importer < 6.4.3 - Admin+ Stored Cross-Site Scripting
2022-01-26 00:00:00