Lucene search
WPScanCVELIST:CVE-2022-4368HistoryJan 09, 2023 - 10:13 p.m.
CVE-2022-4368 WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import
2023-01-0922:13:44
WPScan
www.cve.org
1
wordpress
plugin
xss
csv
import
security vulnerability
EPSS
0.001
Percentile
39.3%
The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting.
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP CSV",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.8.0.0"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import
2022-12-15 00:00:00
nvd
nvd
CVE-2022-4368
2023-01-09 23:15:27
prion
prion
Cross site scripting
2023-01-09 23:15:00
cve
cve
CVE-2022-4368
2023-01-09 23:15:27
wpexploit
wpexploit
WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import
2022-12-15 00:00:00