WordPress Advanced Importer Plugin <= 2.1.1 - Reflected Cross Site Scripting

Back

Product: Advanced Importer
Description: This plugin is prone to a cross site scripting vulnerability, because “alertmsg” parameter is not sanitized.
Solution: Update the plugin.
Classification: Type XSS (Cross Site Scripting)
OWASP Top 10 A2: Broken Authentication and Session Management
References: WordPress
CVE: Name CVE-N/A
Versions: Affected In <= 2.1.1
Fixed In 2.2
Disclosure date: 2016-02-23
Submitter: ThreatPress