First published: Fri Apr 12 2019(Updated: )
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Soflyy Wp All Import | =3.4.9 | |
=3.4.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this XSS vulnerability is CVE-2018-16259.
The affected software is WP All Import plugin 3.4.9 for WordPress.
The severity of CVE-2018-16259 is medium.
The XSS vulnerability in WP All Import plugin 3.4.9 can be exploited via the pmxi-admin-settings large_feed_limit parameter.
Yes, the vendor has provided a fix for this vulnerability.