CSV Injection Vulnerability in CampTix Event Ticketing Plugin for WordPress
CVE-2016-10762

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Camptix Event Ticketing
Vendor: CVE Published:; 18 July 2019

Summary

The CampTix Event Ticketing plugin for WordPress prior to version 1.5 is susceptible to a CSV injection vulnerability, which arises when users export data through the plugin's export tool. This flaw can allow attackers to manipulate CSV files, potentially leading to unauthorized actions or information disclosure when the exported contents are opened or processed by unsuspecting users. It is crucial for WordPress website administrators using this plugin to ensure they are running an updated version to mitigate this risk.

References

https://hackerone.com/reports/151516

x_refsource_MISC

https://wordpress.org/plugins/camptix/#developers

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2019
Vulnerability Reserved
Jul 18, 2019