CVE-2022-2146
N/A
N/A
Summary
The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Import CSV Files | 0 <= 1.0 | affected |
Weaknesses
- CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.