XSS Vulnerability in WP All Import Plugin for WordPress
CVE-2018-16256
6.1MEDIUM
What is CVE-2018-16256?
The WP All Import plugin version 3.4.9 for WordPress contains a Cross-Site Scripting (XSS) vulnerability that could be exploited through the 'Add Filtering Options (Add Rule)' feature. While the vendor claims that this vulnerability is not significant since it requires administrator access to exploit, potential risks associated with administrator user accounts should not be overlooked. Proper sanitization and validation measures are essential to prevent malicious users from injecting harmful scripts through this functionality.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved