WordPress Plugin Vulnerabilities

Search Meter < 2.13.3 - CSV Injection

Description

A CSV Injection vulnerability was discovered in the Search Meter WordPress plugin. Version 2.13.2 and possibly earlier versions of the plugin was found to be affected. According to the reporter, the issue was reported to the plugin's author but they did not respond.

Affects Plugins

Plugin icon
search-meter
Fixed in 2.13.3

References

CVE
CVE-2020-11548
Exploitdb
48197
URL
https://packetstormsecurity.com/files/#156681/

Classification

Type
INJECTION
OWASP top 10
A1: Injection
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Daniel Monzon
Verified
No
WPVDB ID
2aeb9a32-be33-48aa-bb48-591319e0f58d

Timeline

Publicly Published
2020-03-11 (about 6 years ago)
Added
2020-03-11 (about 5 years ago)
Last Updated
2020-09-11 (about 5 years ago)

Other

Published
Title
Published
2021-10-11
Title
Loco Translate < 2.5.4 - Authenticated PHP Code Injection
Published
2025-04-07
Title
Tutor LMS < 3.4.1 - Subscriber+ HTML Injection
Published
2023-10-20
Title
MainWP Dashboard < 4.5.1.3 - Authenticated(Administrator+) CSS Injection
Published
2023-10-22
Title
wpDiscuz < 7.6.11 - Unauthenticated Content Injection
Published
2020-03-16
Title
Newsletter < 6.5.4 - CSV Injection