WordPress Plugin Vulnerabilities

WP-CRM <= 1.2.1 - CSV Injection

Description

The plugin does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.

Proof of Concept

1. Add new person and put the following CSV calculator payload into the Display Name, Phone Number and Description field and save the entry.
payload : =cmd|' /C calc'!'A1'  or  =cmd|' /C calc'!A0

2. In the All People section, click on "Export CSV"

If the csv is opened in a vulnerable application, the payload will execute.

Affects Plugins

Plugin icon
wp-crm
No known fix

References

CVE
CVE-2022-1202

Classification

Type
CSV INJECTION
OWASP top 10
A1: Injection
CWE
CWE-1236
CVSS
3.7 (low)

Miscellaneous

Original Researcher
Ankur Bakre
Submitter
Ankur Bakre
Submitter website
https://www.linkedin.com/in/ankur-bakre-99320316b/
Verified
Yes
WPVDB ID
53c8190c-baef-4807-970b-f01ab440576a

Timeline

Publicly Published
2022-05-18 (about 2 years ago)
Added
2022-05-18 (about 2 years ago)
Last Updated
2023-02-08 (about 1 years ago)

Other

Published
Title
Published
2020-01-08
Title
WP Users Exporter <= 1.4.2 - CSV Injection
Published
2022-11-29
Title
WP CSV Exporter < 1.3.7 - CSV Injection
Published
2020-12-18
Title
Ultimate SMS Notifications for WooCommerce < 1.4.2 - CSV Injection
Published
2021-06-21
Title
Sign-up Sheets < 1.0.14 - Authenticated CSV Injection
Published
2022-09-28
Title
Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection