History: Jan 09, 2023 - 11:15 p.m.

CVE-2022-4368

2023-01-09 23:15:27
WPScan
web.nvd.nist.gov
cve-2022-4368
wp csv
wordpress plugin
xss
csrf
nvd

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 40.6%

The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and does not have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting.

Affected configurations

Nvd
Vulners
Node
cpkwebsolutions | wp_csv | Range 1.8.0.0 | wordpress

Vendor | Product | Version | CPE
wp_csv_exporter_project | wp_csv_exporter | * | cpe:2.3:a:wp_csv_exporter_project:wp_csv_exporter:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP CSV",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.8.0.0"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
