WordPress Plugin Vulnerabilities
Visual Form Builder < 3.0.6 - CSV Injection
Description
The plugin does not sanitise form entries before writing them to the exported CSV file, so a user with low or no privileges (anyone who can submit a published form) can store a spreadsheet formula that is later included verbatim in the export. When an administrator opens the exported file in a spreadsheet application, the formula is evaluated, which can lead to code execution on the administrator's machine.
Proof of Concept
Endpoint: http://<<example.com>>/wordpress/wp-admin/admin.php?page=vfb-export
Payload: =cmd|' /C notepad'!'A1' (non-malicious payload: an Excel DDE formula that launches Notepad through cmd.exe)
Issue description: entries of the form are vulnerable to CSV/formula injection.
1. Submit the payload in any field (Text or HTML) of a published form (any user can perform this).
2. Log in as an admin and go to Visual Form Builder → Export.
3. Export the entries as a CSV file and open it in a spreadsheet application to see the payload being executed.
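The following is an added example, not code from Visual Form Builder or from the researcher; it demonstrates in Python (rather than the plugin's PHP) what a hardened export has to do with cells like the payload above. The entry data, the function names and the export layout are all constructed for illustration: a leading =, +, -, @, tab or carriage return is what makes a spreadsheet evaluate a cell, and the fix is to prefix such cells with a single quote and quote every field, so the spreadsheet shows the text instead of running it.

```python
"""Hardened CSV export for stored form entries (added example, not the plugin's code).

Spreadsheet applications evaluate a cell whose text starts with '=', '+', '-' or '@'
(a leading tab or carriage return is treated as a trigger as well). The advisory's
payload, =cmd|' /C notepad'!'A1', is an Excel DDE formula: when the export is opened,
Excel offers to start cmd.exe with the given arguments. The exporter must therefore
treat every user-supplied value as text, never as a formula.
"""
import csv
import io

# Leading characters that make a spreadsheet interpret the cell as a formula or DDE call.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample entries, as an export routine would see them. Entry 2 carries the
# advisory's (non-malicious) payload; entry 3 is legitimate data that happens to begin
# with a trigger character, which shows the trade-off the quote prefix introduces.
SAMPLE_ENTRIES = [
    {"Name": "Alice", "Message": "Thanks for the quick reply"},
    {"Name": "Bob", "Message": "Please call me back"},
    {"Name": "=cmd|' /C notepad'!'A1'", "Message": "injected via a public form"},
    {"Name": "Carol", "Message": "+44 20 7946 0000"},
]


def is_formula_trigger(cell: str) -> bool:
    """True if a spreadsheet would evaluate this cell instead of displaying it."""
    return cell.startswith(FORMULA_TRIGGERS)


def neutralize_cell(cell: str) -> str:
    """Escape a user-supplied value so Excel/LibreOffice render it as text.

    A leading single quote tells the spreadsheet to show the cell verbatim. Surrounding
    double quotes (and doubling of embedded quotes) are added by the csv writer below,
    which completes the OWASP recommendation for CSV injection.
    """
    if is_formula_trigger(cell):
        return "'" + cell
    return cell


def export_entries_to_csv(entries, harden=True) -> str:
    """Serialise entries to CSV text.

    harden=False reproduces the vulnerable behaviour (cells written as submitted);
    harden=True neutralizes formula triggers before writing.
    """
    if not entries:
        return ""
    columns = list(entries[0].keys())
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(columns)
    for entry in entries:
        row = [str(entry.get(col, "")) for col in columns]
        if harden:
            row = [neutralize_cell(value) for value in row]
        writer.writerow(row)
    return buf.getvalue()


def find_suspicious_entries(entries):
    """Indexes of entries containing at least one cell a spreadsheet would evaluate.

    Useful for reviewing entries already stored by a vulnerable version before exporting.
    """
    return [
        i for i, entry in enumerate(entries)
        if any(is_formula_trigger(str(value)) for value in entry.values())
    ]


if __name__ == "__main__":
    print("Entries with formula triggers:", find_suspicious_entries(SAMPLE_ENTRIES))
    print("--- vulnerable export ---")
    print(export_entries_to_csv(SAMPLE_ENTRIES, harden=False))
    print("--- hardened export ---")
    print(export_entries_to_csv(SAMPLE_ENTRIES, harden=True))
```

The quote prefix is applied to any cell that starts with a trigger, so legitimate values such as an international phone number or a negative figure also come out prefixed; that is the accepted cost of a fix that does not depend on guessing which spreadsheet will open the file. Rejecting trigger characters at submission time is not a substitute, because entries stored before the fix still need to be neutralized on the way out.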
Affects Plugins
References
Classification
Type
CSV INJECTION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Vishnupriya Ilango of Fortinet's FortiGuard Labs
Submitter
Vishnupriya Ilango
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-11-03
Added
2022-04-11
Last Updated
2023-03-12