CVE-2020-22275
HIGH
Easy Registration Forms WP Plugin 2.0.6 - Code Injection
Title source: llm
Description
Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry containing malicious CSV commands. When the system administrator later generates CSV output from the form data, these inputs are not checked and the injected commands are executable.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://filebin.net/30ceikgukh268yyj
Product, Third Party Advisory x_refsource_misc
http://uploadboy.com/ty0715vdcii6/886/mp4
Exploit, Third Party Advisory x_refsource_misc
https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22275.pdf
Scores
CVSS v3
8.8
EPSS
0.0214
EPSS Percentile
79.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-1236
Status
published
Products (1)
easyregistrationforms/easy_registration_forms
2.0.6
Published
Nov 04, 2020
Tracked Since
Feb 18, 2026