Import users from CSV with meta <= 1.14.1.2 – XSS | CVE 2019-15327

Affects Plugins

Fixed in 1.14.1.3

References

CVE

CVE-2019-15327

URL

https://plugins.trac.wordpress.org/changeset?reponame=&new=2109361%40import-users-from-csv-with-meta&old=2104143%40import-users-from-csv-with-meta

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

lckjack

Verified

No

WPVDB ID

0f821e23-4f4c-499a-ab1c-ae7c5c9741c2

Timeline

Publicly Published

2019-06-20 (about 6 years ago)

Added

2019-06-21 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2023-04-01

Title

Weaver Show Posts < 1.7 - Contributor+ Stored Cross-Site Scripting

Published

2024-07-09

Title

Responsive Tabs < 4.0.11 - Contributor+ Stored XSS

Published

2025-09-26

Title

WP Tesseract <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2024-09-30

Title

Quill Forms < 3.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-12-06

Title

Optin Forms < 1.3.7 - Admin+ Stored Cross-Site Scripting