CSV Injection Vulnerability in Advanced Order Export For WooCommerce Plugin by WordPress
CVE-2018-11525
7.8 HIGH
Summary
The Advanced Order Export For WooCommerce plugin for WordPress is susceptible to CSV Injection, which allows malicious actors to inject crafted CSV data. When the plugin processes CSV files, it fails to adequately sanitize user input, potentially enabling an attacker to execute arbitrary commands once the file is downloaded and opened. This poses a significant security risk to users who inadvertently open a compromised CSV file, and can lead to exposure of sensitive data or unintended actions on the system.
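The mitigation for this class of bug is to neutralise formula-leading cells at export time. The PHP sketch below is an added example, not the plugin's code or its actual fix; the function names and the sample order rows are hypothetical and constructed for illustration, and the single-quote prefix follows OWASP's CSV injection guidance.

```php
<?php
// Added example: hypothetical helper names; the order rows below are constructed.

/**
 * Return a cell value that a spreadsheet application will treat as text.
 * Values whose first character (after optional whitespace) is =, +, - or @,
 * or that start with a tab or carriage return, get a leading single quote.
 */
function neutralize_csv_cell($value): string
{
    // Real numeric types cannot carry a formula; keep negative numbers usable.
    if (is_int($value) || is_float($value)) {
        return (string) $value;
    }
    $value = (string) $value;
    if (preg_match('/^\s*[=+\-@]|^[\t\r]/', $value) === 1) {
        return "'" . $value;
    }
    return $value;
}

/** Serialise rows to CSV with every cell neutralised and correctly quoted. */
function export_orders_csv(array $rows): string
{
    $out = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        // Empty escape string (PHP 7.4+) gives RFC 4180 style quote doubling.
        fputcsv($out, array_map('neutralize_csv_cell', $row), ',', '"', '');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed sample: customer-controlled fields carrying formula prefixes.
$orders = [
    ['order_id', 'billing_name', 'note'],
    [1001, 'Alice Example', 'Leave at door'],
    [1002, '=HYPERLINK("http://attacker.example/","Click")', '-2+3'],
    [1003, '  @SUM(A1:A2)', "\tplain text after a tab"],
];

echo export_orders_csv($orders);
```

String values that legitimately begin with a minus sign, such as a negative amount stored as text, are also prefixed; exporters that need them numeric should cast them before the cell is written.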
References
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved