CVE-2020-22275

HIGH

Easy Registration Forms WP Plugin 2.0.6 - Code Injection

Title source: llm

Description

Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.

References (3)

[Exploit, Third Party Advisory] https://filebin.net/30ceikgukh268yyj

[Product, Third Party Advisory] http://uploadboy.com/ty0715vdcii6/886/mp4

[Exploit, Third Party Advisory] https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22275.pdf

Scores

CVSS v3 8.8

EPSS 0.0105

EPSS Percentile 77.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (1)

easyregistrationforms/easy_registration_forms 2.0.6

Published Nov 04, 2020

Tracked Since Feb 18, 2026