CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-4663

The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site's administrator into uploading a CSV file with the malicious payload.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.5%

CVSS Severity

CVSS v3 Score 5.5

References

https://plugins.trac.wordpress.org/browser/members-import/trunk/members-import.php#L113
https://www.wordfence.com/threat-intel/vulnerabilities/id/3abbc407-f660-4b1f-9d48-436320e5fdd7
https://plugins.trac.wordpress.org/browser/members-import/trunk/members-import.php#L113
https://www.wordfence.com/threat-intel/vulnerabilities/id/3abbc407-f660-4b1f-9d48-436320e5fdd7

Products affected by CVE-2022-4663

Youngtechleads » Members Import » Version: N/A

cpe:2.3:a:youngtechleads:members_import:-
Youngtechleads » Members Import » Version: 1.4.2

cpe:2.3:a:youngtechleads:members_import:1.4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-4663

Products

Pricing

Contact Us