CVE-2020-22275

8.8HIGH

Key Information:

Vendor
Wordpress
Status
Easy Registration Forms
Vendor
CVE Published:
4 November 2020

Summary

Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.

References

https://filebin.net/30ceikgukh268yyj
x_refsource_MISC
http://uploadboy.com/ty0715vdcii6/886/mp4
x_refsource_MISC
https://cert.ikiu.ac.ir/public-files/news/document/CVE-99...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.