WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of WordPress WP Ultimate CSV Importer plugin prior to 6.4.3. The vulnerability stems from the plugin’s inability to clean and escape imported comments, which can be exploited by attackers to import malicious comments and perform cross-site scripting attacks.
CPE | Name | Operator | Version |
---|---|---|---|
WordPress1 WP Ultimate CSV Importer Plugin | lt | 6.4.3 |