WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Import and export users and customers plugin, which stems from the plugin’s failure to clean and escape imported CSV data . High-privilege attackers can exploit this vulnerability to import malicious javascript code.
CPE | Name | Operator | Version |
---|---|---|---|
WordPress Import and export users and customers plugin <1. | eq | 19.2.1 |