CSV Injection Vulnerability in WordPress Comments Import & Export Plugin
CVE-2018-11526

7.8HIGH

Key Information:

Vendor

Wordpress
Status
WordPress Comments Import And Export
Vendor
CVE Published:
19 June 2018

What is CVE-2018-11526?

The Comments Import & Export plugin for WordPress, specifically versions 2.0.4 and earlier, is susceptible to a CSV Injection vulnerability. An attacker could exploit this flaw by crafting malicious CSV files that, when imported, execute arbitrary code on the server, leading to unauthorized access and potential data compromise. Website administrators using this plugin are encouraged to update to the latest version and implement additional security measures to safeguard against this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.exploit-db.com/exploits/44940/
exploitx_refsource_EXPLOIT-DB
https://wordpress.org/plugins/comments-import-export-wooc...
x_refsource_CONFIRM
https://wpvulndb.com/vulnerabilities/9097
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.