CVE-2022-40209 WP Smart Import plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

2022-12-0614:54:09

CWE-79

Patchstack

www.cve.org

cve-2022-40209

cross site scripting

unauthenticated

reflected

xylus themes

wordpress

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.5%

JSON

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "product": "WP Smart Import",
    "vendor": "Xylus Themes",
    "versions": [
      {
        "changes": [
          {
            "at": "1.0.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.0.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]