Vulnerabilities > CVE-2022-1470 - Unspecified vulnerability in Ultimate Woocommerce CSV Importer Project Ultimate Woocommerce CSV Importer

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

ultimate-woocommerce-csv-importer-project

NVD

Published: 2022-06-27

Updated: 2024-11-21

Summary

The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Vulnerable Configurations

Part	Description	Count
Application	Ultimate_Woocommerce_Csv_Importer_Project Ultimate Woocommerce CSV Importer Project Ultimate Woocommerce CSV Importer *	1

References

https://wpscan.com/vulnerability/13bb796f-7a17-47c9-a46f-a1d6ca4b6b91
https://wpscan.com/vulnerability/13bb796f-7a17-47c9-a46f-a1d6ca4b6b91