CSV Injection Vulnerability in WeForms Plugin by WordPress
CVE-2020-22276

9.8CRITICAL

Key Information:

Vendor

Wordpress
Status
Weforms
Vendor
CVE Published:
4 November 2020

What is CVE-2020-22276?

The WeForms Plugin for WordPress, specifically version 1.4.7, is susceptible to CSV injection due to inadequately sanitized input fields. An attacker can exploit this vulnerability by submitting crafted entries through the form, which, when exported as a CSV file, can execute arbitrary commands. This can lead to significant security risks for users who unknowingly open manipulated files.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://filebin.net/khncr59vyfztn6wj
x_refsource_MISC
http://uploadboy.com/tvvs4p2gf03m/887/mp4
x_refsource_MISC
https://cert.ikiu.ac.ir/public-files/news/document/CVE-99...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.