WordPress Plugin Vulnerabilities
Exports and Reports < 0.9.2 - Contributor+ CSV Injection
Description
The plugin does not sanitize or validate data when generating the CSV export, which could lead to CSV injection (for example via the Microsoft Excel DDE function) or to data leakage via maliciously injected hyperlinks.
Proof of Concept
As a contributor, put the following payload in a Post title: =1+2
As admin, export a CSV using the plugin's feature (/wp-admin/admin.php?page=exports-reports-group-1), open it with OpenOffice/Excel etc., and note that the formula is processed.
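As an added defensive example (not code from the plugin or from the advisory), the following Python neutralizes each cell before it is written, so a title such as the =1+2 payload above is stored as literal text instead of being evaluated; the field names and sample rows are constructed for illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula (per OWASP CSV injection guidance): =, +, -, @, tab and carriage return.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a cell would be interpreted as a formula when opened in a spreadsheet."""
    return value.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value) -> str:
    """Make a cell inert: prefix formula-like values with a single quote so the
    spreadsheet stores them as text. Other values pass through unchanged."""
    text = "" if value is None else str(value)
    if is_formula_like(text):
        return "'" + text
    return text


def export_rows(rows, fieldnames) -> str:
    """Serialise rows to CSV with every cell neutralized. QUOTE_ALL makes the
    csv module escape embedded quotes, commas and newlines, so user-supplied
    text cannot break out of its cell into a new one."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(fieldnames)
    for row in rows:
        writer.writerow([neutralize_cell(row.get(f)) for f in fieldnames])
    return buf.getvalue()


# Constructed sample export (not real plugin data): the second title is the
# advisory's proof-of-concept value as a Contributor-level user would enter it.
SAMPLE_POSTS = [
    {"id": 1, "title": "Weekly update", "author": "editor"},
    {"id": 2, "title": "=1+2", "author": "contributor"},
]

if __name__ == "__main__":
    print(export_rows(SAMPLE_POSTS, ["id", "title", "author"]))
```

Because the prefix is applied to any cell starting with a trigger character, columns that legitimately hold negative numbers should be emitted as typed numeric values rather than passed through this text-only filter.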
Classification
Type
CSV INJECTION
Miscellaneous
Original Researcher
websafe2021
Submitter
websafe2021
Verified
Yes
Timeline
Publicly Published
2022-06-29 (about 1 year ago)
Added
2022-06-29 (about 1 year ago)
Last Updated
2023-04-04 (about 1 year ago)