WordPress Plugin Vulnerabilities

Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via CSRF

Description

Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.
I have found a Stored XSS on the plugin Supra CSV Version: 4.0.3. Here is the official page of the plugin given below
https://wordpress.org/plugins/supra-csv-parser

Proof of Concept

Affects Plugins

Plugin icon
supra-csv-parser
No known fix

References

CVE
CVE-2022-3853

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Rahul selvakumar
Submitter
Rahul selvakumar
Verified
Yes
WPVDB ID
c2bc7d23-5bfd-481c-b42b-da7ee80d9514

Timeline

Publicly Published
2022-12-05 (about 3 years ago)
Added
2022-11-21 (about 3 years ago)
Last Updated
2022-11-21 (about 3 years ago)

Other

Published
Title
Published
2025-12-05
Title
Master Addons for Elementor <= 2.0.9.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-11-26
Title
Panorama – WordPress Project Management Plugin <= 1.5.1 - Admin+ Stored XSS
Published
2014-08-01
Title
LBG Zoominoutslider - settings_form.php Multiple Parameter Stored XSS
Published
2023-10-29
Title
Accordion < 2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2009-09-27
Title
WP Cumulus < 1.22 - XSS