CVE-2022-1255
Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
El plugin Import and export users and customers de WordPress versiones anteriores a 1.19.2.1, no sanea ni escapa los datos CSV importados, lo que podría permitir a usuarios muy privilegiados importar código javascript malicioso y conllevar a problemas de tipo Cross-Site Scripting Almacenado
The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitize and escape imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-06 CVE Reserved
- 2022-04-11 CVE Published
- 2023-11-23 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82 | 2024-08-02 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Codection Search vendor "Codection" | Import And Export Users And Customers Search vendor "Codection" for product "Import And Export Users And Customers" | < 1.19.2.1 Search vendor "Codection" for product "Import And Export Users And Customers" and version " < 1.19.2.1" | wordpress |
Affected
|