Bulk Edit and Create User Profiles – WP Sheet Editor <= 1.5.13 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability

Administrator

Published
2022-04-18

The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CVE

https://www.cve.org/CVERecord?id=CVE-2022-1089

CVSS

Score:4.8

Severity:Medium

Version: 1.5.13

There is a patch available in v1.5.14 and we strongly recommend you update to this version as soon as possible.