Lucene search

MitreCVE-2018-16256

HistoryApr 12, 2019 - 6:29 p.m.

CVE-2018-16256

2019-04-1218:29:00

CWE-79

mitre

web.nvd.nist.gov

cve-2018-16256

xss

wp all import plugin

wordpress

nvd

vulnerability

security fix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.7%

JSON

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator

Affected configurations

Nvd

Node

soflyywp_all_importMatch3.4.9wordpress

VendorProductVersionCPE
soflyywp_all_import3.4.9cpe:2.3:a:soflyy:wp_all_import:3.4.9:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
soflyy	wp_all_import	3.4.9	cpe:2.3:a:soflyy:wp_all_import:3.4.9:::::wordpress::

References

ansawaf.blogspot.com/2019/04/xss-in-import-any-xml-or-csv-file-for.html

docs.google.com/document/d/1Lfk0YQMIhlMCOOvVRX8HkU6C50s9QSW7C-9gnNmzsHY/edit?usp=sharing

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.7%

JSON

Related for CVE-2018-16256