ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Import any XML or CSV File to WordPress plugin <=3.4.5 - Cross-Site Scripting (XSS) vulnerability

Product
Import any XML or CSV File to WordPress
Description
Cross-Site Scripting (XSS) vulnerability found by Mardan Muhidin in WordPress Import any XML or CSV File to WordPress plugin (versions <=3.4.5).
Solution
Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version (at least 3.4.6).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2018-0546
Versions
Affected In <=3.4.5
Fixed In 3.4.6
Disclosure date
2018-03-12
Credits
Mardan Muhidin
Submitter
ThreatPress