CSV Injection Vulnerability in Export Users to CSV Plugin for WordPress
CVE-2020-9466

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Export Users To Csv
Vendor
CVE Published:
28 February 2020

Summary

The Export Users to CSV plugin for WordPress, up to version 1.4.2, is susceptible to CSV Injection attacks. This vulnerability allows attackers to inject malicious code into exported CSV files, which could be executed by users upon opening the file in spreadsheet applications. This poses a significant threat as it may lead to data compromise or the execution of unintended commands, highlighting the importance of securing plugin functionality to prevent the exploitation of data export features.

References

https://wpvulndb.com/vulnerabilities/10094
x_refsource_MISC
https://www.getastra.com/blog/911/plugin-exploit/csv-inje...
x_refsource_MISC
https://www.jinsonvarghese.com/csv-injection-in-export-us...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.