WP CSV <= 1.8.0.0 – Reflected XSS via CSV Import | CVE 2022-4368 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting.

Proof of Concept

Create a .txt file and the below line there:
 
$ echo "<script>alert(/XSS/)</script>"
 
Make a logged in admin import the file (via "WP CSV" > "Import") to trigger the XSS

The attack could also be performed via CSRF

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Mesut Cetin

Submitter

Mesut Cetin

Submitter website

https://github.com/m-cetin/

Verified

Yes

WPVDB ID

fa7e2b64-ca48-4b76-a2c2-f5e31e42eab7

Timeline

Publicly Published

2022-12-15 (about 1 years ago)

Added

2022-12-14 (about 1 years ago)

Last Updated

2022-12-14 (about 1 years ago)

Other

Published

Title

Published

2022-12-16

Title

Vision Interactive For WordPress < 1.5.4 - Contributor+ Stored XSS

Published

2023-12-05

Title

Email Subscription Popup < 1.2.19 - Reflected Cross-Site Scripting

Published

2022-05-17

Title

Advanced Admin Search < 1.1.6 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

Form Maker 1.6.4 - front_end_form_maker.php Unspecified XSS

Published

2020-03-26

Title

Xenon Theme <= 1.3 - Unauthenticated Cross-Site Scripting (XSS)