The plugin does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
As admin, import the below CSV file via Tools > Import and export users and customers (/wp-admin/tools.php?page=acui) user_login user_email display_name role<svg onload=confirm(/XSS/)// first_name last_name billing_first_name billing_last_name billing_company billing_email billing_phone billing_country billing_address_1 billing_address_2 billing_city billing_state billing_postcode shipping_first_name shipping_last_name shipping_company shipping_country shipping_address_1 shipping_address_2 shipping_city shipping_state shipping_postcode Then the XSS will be triggered after the import, as well as in the Extra profile fields page of the plugin (/wp-admin/tools.php?page=acui&tab=columns)
0x23.so
0x23.so
Yes
2022-04-11 (about 1 years ago)
2022-04-11 (about 1 years ago)
2022-04-13 (about 1 years ago)