CVE-2020-29304

Name of the Vulnerable Software and Affected Versions SabaiApps WordPress Directories Pro plugin versions prior to 1.3.46

Description A cross-site scripting (XSS) issue exists, allowing attackers to inject arbitrary web script or HTML by convincing a site administrator to import a specially crafted CSV file during the file import workflow.

Recommendations For SabaiApps WordPress Directories Pro plugin versions prior to 1.3.46, update to version 1.3.46 or later to resolve the issue. As a temporary workaround, consider restricting the ability to import CSV files to trusted administrators only, and avoid importing files from untrusted sources until the issue is resolved.