Cross-Site Scripting Vulnerability in WP All Import Plugin by WordPress
CVE-2018-16258
6.1MEDIUM
What is CVE-2018-16258?
The WP All Import plugin version 3.4.9 for WordPress contains a Cross-Site Scripting (XSS) vulnerability that can be exploited through the pmxi-admin-import custom type. Although the vendor asserts that this is not a vulnerability as it requires administrative access, it is crucial for users to be aware of potential risks associated with logged-in administrator actions. Ensuring secure practices when managing imports is essential for safeguarding against such vulnerabilities.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved