CVE-2018-16259

Name of the Vulnerable Software and Affected Versions WP All Import plugin version 3.4.9

Description There is an issue with the WP All Import plugin for WordPress, specifically via the large feed limit in pmxi-admin-settings, which may allow for an XSS attack. However, the vendor notes that this is not considered a vulnerability since the plugin can only be used by a logged-in administrator, and any potential action can only be taken advantage of by a logged-in administrator.

Recommendations For WP All Import plugin version 3.4.9, consider restricting access to the pmxi-admin-settings and limiting the use of the large feed limit setting to minimize potential risks until a resolution or further guidance is provided by the vendor. At the moment, there is no information about a newer version that contains a fix for this issue.