PT-2022-13754 · WordPress · Export/Import Users/Customers

0X23.So · Published 2022-05-02 · Updated 2022-05-09 · CVE-2022-1255

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Import and export users and customers WordPress plugin, versions prior to 1.19.2.1.

Description: The issue arises from the plugin's failure to sanitise and escape imported CSV data, which allows high-privilege users to import malicious JavaScript code. This leads to Stored Cross-Site Scripting.

Recommendations: For versions prior to 1.19.2.1, update to version 1.19.2.1 or later to resolve the issue. As a temporary workaround, restrict the import functionality to trusted users only until the update is applied.
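As an added illustration, not code from the plugin or from this advisory, the Python below sketches the two layers the description says were missing: sanitising CSV fields on import and HTML-escaping stored values on render. The column names, the sample rows and the helper names are constructed for the example; the unescaped renderer is included only to contrast with the escaped one, and a small pre-import check shows how rows carrying markup can be flagged for review.

```python
import csv
import html
import io
import re

# Constructed sample import file (hypothetical column names, not the plugin's schema).
# The third row carries a script tag in display_name; the fourth carries plain markup.
SAMPLE_CSV = """user_login,user_email,display_name
alice,alice@example.com,Alice
mallory,mallory@example.com,"<script>alert(1)</script>Mallory"
bob,bob@example.com,"Bob <b>the</b> Builder"
"""

# Matches any HTML-like tag; used both for input sanitisation and for flagging.
TAG_RE = re.compile(r"<[^>]*>")


def sanitize_field(value: str) -> str:
    """Input-side sanitisation: drop tags and control characters, trim whitespace."""
    no_tags = TAG_RE.sub("", value)
    no_ctrl = "".join(ch for ch in no_tags if ch >= " " or ch == "\t")
    return no_ctrl.strip()


def flag_suspicious_rows(csv_text: str) -> list[int]:
    """Pre-import check: 1-based data-row numbers whose raw fields contain markup
    or a javascript: URL. Suitable for logging or for holding an import for review."""
    flagged = []
    for idx, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=1):
        raw = " ".join(v or "" for v in row.values())
        if TAG_RE.search(raw) or "javascript:" in raw.lower():
            flagged.append(idx)
    return flagged


def import_users(csv_text: str) -> list[dict]:
    """Parse the CSV and sanitise every field before it would be stored."""
    return [
        {k: sanitize_field(v or "") for k, v in row.items()}
        for row in csv.DictReader(io.StringIO(csv_text))
    ]


def render_user_row(user: dict) -> str:
    """Output-side escaping: each stored value is HTML-escaped when rendered,
    so even a value that slipped past import cannot become active markup."""
    cells = "".join(f"<td>{html.escape(str(v))}</td>" for v in user.values())
    return f"<tr>{cells}</tr>"


def render_user_row_unsafe(user: dict) -> str:
    """The vulnerable pattern for contrast: stored values echoed into HTML as-is."""
    cells = "".join(f"<td>{v}</td>" for v in user.values())
    return f"<tr>{cells}</tr>"


if __name__ == "__main__":
    print("rows needing review:", flag_suspicious_rows(SAMPLE_CSV))
    for user in import_users(SAMPLE_CSV):
        print(render_user_row(user))
```

Both layers are kept on purpose: stripping tags on import limits what gets stored, while escaping on output is the control that actually prevents the stored value from executing, and it also covers data that entered by some other path.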

Tags: Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2022-1255

Affected Products: Export/Import Users/Customers