PT-2019-9286 · WordPress · Wp All Import

Mohammed Ansari S

Published: 2019-04-12

Updated: 2024-08-05

CVE-2018-16254

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WP All Import plugin version 3.4.9

Description

The issue is an XSS vulnerability in the WP All Import plugin for WordPress, reachable via action=options. The vendor does not consider this a vulnerability, because the plugin can only be used by a logged-in administrator and the described action can only be exploited by a logged-in administrator.

Recommendations

For WP All Import plugin version 3.4.9, consider restricting access to action=options to minimize the risk of exploitation, as the vendor states that only a logged-in administrator can take advantage of this action. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS


Weakness Enumeration

Related identifiers

CVE-2018-16254

Affected products

Wp All Import