WordPress Plugin Vulnerabilities

WP Smart Import < 1.0.3 - Reflected Cross-Ste Scripting

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Affects Plugins

Plugin icon
wp-smart-import
Fixed in 1.0.3

References

CVE
CVE-2022-40209

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Tien Nguyen Anh
Verified
No
WPVDB ID
247a213f-d824-4095-b6a3-a490e95964ba

Timeline

Publicly Published
2022-12-06 (about 1 years ago)
Added
2022-12-06 (about 1 years ago)
Last Updated
2022-12-06 (about 1 years ago)

Other

Published
Title
Published
2023-11-29
Title
Responsive Lightbox < 2.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via name
Published
2024-03-07
Title
Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget
Published
2021-01-15
Title
Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2014-08-01
Title
Editorial Calendar 2.6 - Post Title XSS
Published
2024-03-25
Title
Super Socializer < 7.13.64 - Editor+ Stored XSS