CSV Injection Vulnerability in WeForms Plugin by WordPress
CVE-2020-22276
9.8 CRITICAL
What is CVE-2020-22276?
The WeForms Plugin for WordPress, specifically version 1.4.7, is susceptible to CSV injection due to inadequately sanitized input fields. An attacker can exploit this vulnerability by submitting crafted entries through the form, which, when exported as a CSV file, can execute arbitrary commands. This can lead to significant security risks for users who unknowingly open manipulated files.
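One way to neutralise such entries at export time, shown as an added example in PHP; it is not WeForms code and not the plugin's actual fix. The function names are hypothetical, the sample submissions are constructed, and the trigger-character list follows OWASP's CSV injection guidance.

```php
<?php
// Added example: hypothetical helpers, not part of WeForms.

// Leading characters that make a spreadsheet evaluate a cell as a formula
// (list taken from OWASP's CSV injection guidance).
const FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

// Prefix a risky cell with a single quote so it is rendered as text.
// Trade-off: legitimate values such as "-5" are also prefixed.
function neutralize_csv_cell(string $value): string
{
    if ($value !== '' && in_array($value[0], FORMULA_TRIGGERS, true)) {
        return "'" . $value;
    }
    return $value;
}

// Build the CSV in memory. fputcsv() quotes fields and doubles embedded
// double quotes, so a submitted value cannot close its own field and
// start a new cell.
function export_entries_csv(array $headers, array $entries): string
{
    $out = fopen('php://memory', 'w+');
    fputcsv($out, $headers, ',', '"', '');
    foreach ($entries as $entry) {
        $row = array_map(fn($v) => neutralize_csv_cell((string) $v), $entry);
        fputcsv($out, $row, ',', '"', '');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed sample submissions; harmless arithmetic stands in for a
// crafted form entry.
$entries = [
    ['Alice', 'alice@example.com', 'Hello there'],
    ['=1+1', 'bob@example.com', '@SUM(1,1)'],
    ['Carol', 'carol@example.com', 'quote", =1+1'],
];

echo export_entries_csv(['name', 'email', 'message'], $entries);
```

The second row's first and last cells come out prefixed with a single quote, and the third row's message stays a single quoted field rather than splitting into a new cell.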