First published: Fri Apr 12 2019(Updated: )
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Soflyy Wp All Import | =3.4.9 | |
=3.4.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of the WP All Import plugin is CVE-2018-16256.
The severity level of CVE-2018-16256 is medium.
The affected version of the WP All Import plugin is 3.4.9.
The CWE ID of CVE-2018-16256 is CWE-79.
There is no vendor-accepted fix available as the vendor disputes the vulnerability. It is recommended to consider alternative import plugins or consult with the plugin vendor.