The Import all XML, CSV & TXT WordPress plugin prior to 6.5.8 does not properly sanitise and escape imported data before using it in SQL statements, leading to SQL injection exploitable by high-privilege users such as admin.
Vulnerable Product |
---|
smackcoders import all pages, post types, products, orders, and users as xml & csv |