CVE-2019-20180
MEDIUM
TablePress < 1.9.2 - CSV Injection via tablepress[data]
Title source: llm
Description
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.
References (3)
Core References
Various Sources
https://medium.com/%40Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8
Issue Tracking, Third Party Advisory
https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996
Broken Link
https://wpvulndb.com/vulnerabilities/10016
Scores
CVSS v3
6.8
EPSS
0.0233
EPSS Percentile
81.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1236
Status
published
Products (1)
tablepress/tablepress
< 1.9.2
Published
Jan 09, 2020
Tracked Since
Feb 18, 2026