CVE-2018-16256: XSS
First published: Fri Apr 12 2019(Updated: )
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Soflyy Wp All Import | =3.4.9 | |
| =3.4.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the WP All Import plugin?
The vulnerability ID of the WP All Import plugin is CVE-2018-16256.
What is the severity level of CVE-2018-16256?
The severity level of CVE-2018-16256 is medium.
What is the affected version of the WP All Import plugin?
The affected version of the WP All Import plugin is 3.4.9.
What is the CWE ID of CVE-2018-16256?
The CWE ID of CVE-2018-16256 is CWE-79.
What is the recommended action to fix the XSS vulnerability in WP All Import plugin 3.4.9?
There is no vendor-accepted fix available as the vendor disputes the vulnerability. It is recommended to consider alternative import plugins or consult with the plugin vendor.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/status
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- status/disputed
- vendor/soflyy
- canonical/soflyy wp all import
- version/soflyy wp all import/3.4.9