CVE-2019-20180

6.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Tablepress
Vendor: CVE Published:; 9 January 2020

Summary

The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.

References

https://medium.com/%40Pablo0xSantiago/cve-2019-20180-tabl...

https://wpvulndb.com/vulnerabilities/10016

https://wordpress.org/support/topic/security-issue-cve-20...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2020
Vulnerability Reserved
Dec 31, 2019