The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3098265%40ws-form&new=3098265%40ws-form&sfp_email=&sfph_mail= - Patch | |
References | () https://wsform.com/changelog/?utm_source=wp_plugins&utm_medium=readme - Release Notes | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/38ccaa81-77ec-46f2-9bec-d74fa2e093f3?source=cve - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
12 Jun 2024, 13:38
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1236 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Westguardsolutions
Westguardsolutions ws Form |
|
CPE | cpe:2.3:a:westguardsolutions:ws_form:*:*:*:*:pro:wordpress:*:* cpe:2.3:a:westguardsolutions:ws_form:*:*:*:*:lite:wordpress:*:* |
|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3098265%40ws-form&new=3098265%40ws-form&sfp_email=&sfph_mail= - Patch | |
References | () https://wsform.com/changelog/?utm_source=wp_plugins&utm_medium=readme - Release Notes | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/38ccaa81-77ec-46f2-9bec-d74fa2e093f3?source=cve - Third Party Advisory |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Jun 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-07 10:15
Updated : 2024-11-21 08:41
NVD link : CVE-2023-5424
Mitre link : CVE-2023-5424
CVE.ORG link : CVE-2023-5424
JSON object : View
Products Affected
westguardsolutions
- ws_form
CWE
CWE-1236
Improper Neutralization of Formula Elements in a CSV File