Lucene search
WpvulndbWPVDB-ID:8C5D40EA-E278-43C0-889C-9FB8ADA058AEHistoryApr 24, 2024 - 12:00 a.m.
Import Content in WordPress & WooCommerce with Excel < 4.3 - Reflected Cross-Site Scripting
2024-04-2400:00:00
wpscan.com
5
wordpress
woocommerce
excel
cross-site scripting
vulnerable
input sanitization
output escaping
unauthenticated attackers
arbitrary web scripts
Description The Import Content in WordPress & WooCommerce with Excel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 4.3 |
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
8.7%
Related for WPVDB-ID:8C5D40EA-E278-43C0-889C-9FB8ADA058AE