First published: Fri Apr 12 2019(Updated: )
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Soflyy Wp All Import | =3.4.9 | |
=3.4.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this XSS vulnerability in WP All Import plugin 3.4.9 is CVE-2018-16258.
The severity of CVE-2018-16258 is medium, with a severity value of 6.1.
An attacker can exploit this vulnerability in WP All Import plugin 3.4.9 by using pmxi-admin-import custom_type to perform a cross-site scripting (XSS) attack.
The affected software for CVE-2018-16258 is WP All Import plugin version 3.4.9 for WordPress.
There is no specific fix available for this vulnerability, but it is recommended to update to the latest version of WP All Import plugin to mitigate the risk.