Cross-Site Scripting Vulnerability in Import Users from CSV with Meta Plugin for WordPress
CVE-2019-15328
6.1MEDIUM
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 22 August 2019
Summary
The import-users-from-csv-with-meta plugin for WordPress, prior to version 1.14.0.3, contains a Cross-Site Scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts into the application, which can then be executed in the context of another user's session. This vulnerability poses a significant risk to the security of WordPress sites utilizing this plugin, potentially compromising sensitive user information and site integrity. Immediate updates and security assessments are recommended to mitigate the risks associated with this vulnerability.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved