CVE-2022-1255: Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting
First published: Mon May 02 2022(Updated: )
The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Codection Import and Export Users and Customers | <1.19.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Import and export users and customers WordPress plugin?
The vulnerability ID is CVE-2022-1255.
What is the severity rating for CVE-2022-1255?
The severity rating for CVE-2022-1255 is medium with a score of 4.8.
What is the affected software for CVE-2022-1255?
The affected software for CVE-2022-1255 is the Import and export users and customers WordPress plugin version up to 1.19.2.1.
What is the impact of CVE-2022-1255?
CVE-2022-1255 allows high privilege users to import malicious javascript code, leading to Stored Cross-Site Scripting (XSS) issues.
Is there a fix available for CVE-2022-1255?
Yes, updating the Import and export users and customers WordPress plugin to version 1.19.2.1 or newer will fix the vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/codection
- canonical/codection import and export users and customers