CVE-2022-2146 Information

Description

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page and is lacking CSRF check when performing such action as well resulting in a Reflected Cross-Site Scripting

Reference

https://wpscan.com/vulnerability/adc1d752-331e-44af-b5dc-b463d56c2cb4