CVE-2020-11548

CRITICAL

Search Meter < 2.13.2 - Remote Code Execution

Title source: rule

Description

The Search Meter plugin through 2.13.2 for WordPress does not restrict user input entered in the search bar, so it can be any formula. An attacker could achieve remote code execution via CSV injection when an Export is performed from wp-admin/index.php?page=search-meter.

Exploits (1)

exploitdb WORKING POC
by Daniel Monzón · text · webapps · php
https://www.exploit-db.com/exploits/48197

Scores

CVSS v3 9.8
EPSS 0.1072
EPSS Percentile 93.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-1236
Status published
Products (1)
search_meter_project/search_meter < 2.13.2
Published Apr 05, 2020
Tracked Since Feb 18, 2026