Vulnerability CVE-2022-4368
Published: 2023-01-09   Modified: 2023-01-10

Description:
The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting.

Type:

CWE-352

 (Cross-Site Request Forgery (CSRF))

 References:
https://wpscan.com/vulnerability/fa7e2b64-ca48-4b76-a2c2-f5e31e42eab7
Copyright 2026, cxsecurity.com

 

Back to Top