First published: Fri Apr 12 2019
** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Soflyy Wp All Import | =3.4.9 | |
The vulnerability ID for this vulnerability is CVE-2018-16257.
The severity of CVE-2018-16257 is medium.
The affected software is WP All Import plugin version 3.4.9 for WordPress.
The vulnerability can be exploited via action=template in the WP All Import plugin version 3.4.9 for WordPress.
The vendor disputed the vulnerability, but it is recommended to update WP All Import plugin to the latest version to mitigate the risk.