CVE-2022-1470

CVE-2022-1470: Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting

Vendor Unknown

Product Ultimate WooCommerce CSV Importer

Weakness CWE-79 · XSS

Published June 27, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

June 27, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1470 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-2308 ElementInvader Addons for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-20948 Cisco BroadWorks Hosted Thin Receptionist Cross-Site Scripting Vulnerability CVE-2023-32518 WordPress WP Chinese Conversion Plugin <= 1.1.16 is vulnerable to Cross Site Scripting (XSS) CVE-2025-31811 WordPress Planyo online reservation system plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability CVE-2023-25018 Rifartek IOT Wall - Reflected XSS