WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Easy Registration Forms <= 2.0.6 - CSV Injection

Description

Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.

Affects Plugins

easy-registration-forms
No known fix

References

CVE
CVE-2020-22275
URL
https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22275.pdf

Classification

Type

CSV INJECTION

OWASP top 10
A1: Injection
CWE
CWE-1236

Miscellaneous

Original Researcher

Mohamad Pishdar (cert.ikiu.ac.ir)

Verified

No

WPVDB ID
2f32bcd9-7902-4f05-ab23-2fa50720d90b

Timeline

Publicly Published

2020-11-20 (about 2 years ago)

Added

2020-11-20 (about 2 years ago)

Last Updated

2020-11-21 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin