ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Import any XML or CSV File to WordPress plugin <=3.4.6 - Cross-Site Scripting (XSS) vulnerability

Product
Import any XML or CSV File to WordPress
Description
Cross-Site Scripting (XSS) vulnerability found by Yuji Tounai in WordPress Import any XML or CSV File to WordPress plugin (versions <=3.4.6).
Solution
Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version (at least 3.4.7).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2018-0547
Versions
Affected In <=3.4.6
Fixed In 3.4.7
Disclosure date
2018-03-13
Credits
Yuji Tounai
Submitter
ThreatPress