Import and export users and customers < 1.16.3.6 – CSV Injection | CVE 2020-22277

Affects Plugins

import-users-from-csv-with-meta

Fixed in 1.16.3.6

References

CVE

CVE-2020-22277

URL

https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22277.pdf

URL

https://plugins.trac.wordpress.org/changeset/2422429/import-users-from-csv-with-meta

Classification

Type

CSV INJECTION

OWASP top 10

A1: Injection

CWE

CWE-1236

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Mohamad Pishdar (cert.ikiu.ac.ir)

Verified

Yes

WPVDB ID

401d57e4-85d3-4587-ace2-569a5d0338c8

Timeline

Publicly Published

2020-11-20 (about 5 years ago)

Added

2020-11-20 (about 5 years ago)

Last Updated

2020-11-21 (about 5 years ago)

Other

Published

Title

Published

2022-09-28

Title

Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection

Published

2022-11-17

Title

ProfileGrid < 5.1.8 - Subscriber+ CSV Injection

Published

2020-11-20

Title

weForms < 1.6.4 - CSV Injection

Published

2020-12-18

Title

Ultimate SMS Notifications for WooCommerce < 1.4.2 - CSV Injection

Published

2022-09-25

Title

Activity Log < 2.8.4 - CSV Injection