The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.
References
Configurations
History
21 Nov 2024, 04:38
Type | Values Removed | Values Added |
---|---|---|
References | () https://medium.com/%40Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8 - | |
References | () https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996 - Issue Tracking, Third Party Advisory | |
References | () https://wpvulndb.com/vulnerabilities/10016 - Broken Link |
20 May 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress. |
07 Nov 2023, 03:08
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-01-09 21:15
Updated : 2024-11-21 04:38
NVD link : CVE-2019-20180
Mitre link : CVE-2019-20180
CVE.ORG link : CVE-2019-20180
JSON object : View
Products Affected
tablepress
- tablepress
CWE
CWE-1236
Improper Neutralization of Formula Elements in a CSV File