CVE-2018-16258: XSS
First published: Fri Apr 12 2019(Updated: )
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Soflyy Wp All Import | =3.4.9 | |
| =3.4.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XSS vulnerability in WP All Import plugin 3.4.9?
The vulnerability ID for this XSS vulnerability in WP All Import plugin 3.4.9 is CVE-2018-16258.
What is the severity of CVE-2018-16258?
The severity of CVE-2018-16258 is medium, with a severity value of 6.1.
How can an attacker exploit this vulnerability in WP All Import plugin 3.4.9?
An attacker can exploit this vulnerability in WP All Import plugin 3.4.9 by using pmxi-admin-import custom_type to perform a cross-site scripting (XSS) attack.
What is the affected software for CVE-2018-16258?
The affected software for CVE-2018-16258 is WP All Import plugin version 3.4.9 for WordPress.
Is there a fix available for this vulnerability?
There is no specific fix available for this vulnerability, but it is recommended to update to the latest version of WP All Import plugin to mitigate the risk.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/status
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- status/disputed
- vendor/soflyy
- canonical/soflyy wp all import
- version/soflyy wp all import/3.4.9