CVE-2018-16259: XSS
First published: Fri Apr 12 2019(Updated: )
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Soflyy Wp All Import | =3.4.9 | |
| =3.4.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XSS vulnerability?
The vulnerability ID for this XSS vulnerability is CVE-2018-16259.
What is the affected software?
The affected software is WP All Import plugin 3.4.9 for WordPress.
What is the severity of CVE-2018-16259?
The severity of CVE-2018-16259 is medium.
How can the XSS vulnerability be exploited in WP All Import plugin 3.4.9?
The XSS vulnerability in WP All Import plugin 3.4.9 can be exploited via the pmxi-admin-settings large_feed_limit parameter.
Is there a fix available for this vulnerability?
Yes, the vendor has provided a fix for this vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/status
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- status/disputed
- vendor/soflyy
- canonical/soflyy wp all import
- version/soflyy wp all import/3.4.9