Stored Cross-Site Scripting Vulnerability in WordPress Plugin
CVE-2024-8722
5.5 MEDIUM
What is CVE-2024-8722?
The Import any XML or CSV File to WordPress PRO plugin is susceptible to Stored Cross-Site Scripting through SVG file uploads, due to inadequate input sanitization and output escaping. Authenticated attackers with Administrator access can exploit this vulnerability to inject malicious web scripts into pages, which execute whenever users access the compromised SVG files. This risk underscores the importance of implementing robust security measures and ensuring prompt updates to protect against potential exploits.
Affected Version(s)
WP All Import Pro * <= 4.9.7