CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.
Configurations

Configuration 1 (hide)

cpe:2.3:a:tablepress:tablepress:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 04:38

Type Values Removed Values Added
References () https://medium.com/%40Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8 - () https://medium.com/%40Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8 -
References () https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996 - Issue Tracking, Third Party Advisory () https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996 - Issue Tracking, Third Party Advisory
References () https://wpvulndb.com/vulnerabilities/10016 - Broken Link () https://wpvulndb.com/vulnerabilities/10016 - Broken Link

20 May 2024, 21:15

Type Values Removed Values Added
Summary (en) The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. (en) The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.

07 Nov 2023, 03:08

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8', 'name': 'https://medium.com/@Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8', 'tags': ['Exploit', 'Mitigation', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8 -

Information

Published : 2020-01-09 21:15

Updated : 2024-11-21 04:38


NVD link : CVE-2019-20180

Mitre link : CVE-2019-20180

CVE.ORG link : CVE-2019-20180


JSON object : View

Products Affected

tablepress

  • tablepress
CWE
CWE-1236

Improper Neutralization of Formula Elements in a CSV File