CSV Injection Vulnerability in CampTix Event Ticketing Plugin for WordPress
CVE-2016-10762

7.5HIGH

Key Information:

Vendor

Wordpress

Vendor
CVE Published:
18 July 2019

What is CVE-2016-10762?

The CampTix Event Ticketing plugin for WordPress prior to version 1.5 is susceptible to a CSV injection vulnerability, which arises when users export data through the plugin's export tool. This flaw can allow attackers to manipulate CSV files, potentially leading to unauthorized actions or information disclosure when the exported contents are opened or processed by unsuspecting users. It is crucial for WordPress website administrators using this plugin to ensure they are running an updated version to mitigate this risk.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
The Cyber Security Vulnerability Database.