Members Import <= 1.4.2 - XSS via Imported CSV

2023-01-0300:00:00

wpscan.com

xss

csv

admin

vulnerability

0.001 Low

EPSS

Percentile

29.2%

JSON

The plugin does not sanitise and escape imported CSV, which could allow attackers to perform Cross-Site Scripting attacks if they can make an admin import a malicious CSV file

CPENameOperatorVersion
members-importeq*

CPE	Name	Operator	Version
	members-import	eq	*

0.001 Low

EPSS

Percentile

29.2%

JSON

Related for WPVDB-ID:4702DF0C-F60C-4EF5-862B-3E40460AD9E8