CVE-2018-16254: XSS
First published: Fri Apr 12 2019(Updated: )
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Soflyy Wp All Import | =3.4.9 | |
| =3.4.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XSS vulnerability?
The vulnerability ID for this XSS vulnerability is CVE-2018-16254.
What is the severity of CVE-2018-16254?
The severity of CVE-2018-16254 is medium with a CVSS score of 6.1.
What is the affected software by CVE-2018-16254?
The affected software by CVE-2018-16254 is WP All Import plugin 3.4.9 for WordPress.
How can an attacker exploit CVE-2018-16254?
An attacker can exploit CVE-2018-16254 by taking advantage of the action=options in the WP All Import plugin, which requires a logged-in administrator.
Are there any fixes or patches available for CVE-2018-16254?
Please refer to the vendor's response in the documentation for any fixes or patches for CVE-2018-16254.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/status
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- status/disputed
- vendor/soflyy
- canonical/soflyy wp all import
- version/soflyy wp all import/3.4.9