Description
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/10094
Third Party Advisory x_refsource_misc
https://www.getastra.com/blog/911/plugin-exploit/csv-injection-in-export-users-to-csv-wordpress-plugin/
Third Party Advisory x_refsource_misc
https://www.jinsonvarghese.com/csv-injection-in-export-users-to-csv-plugin/
Scores
CVSS v3
6.1
EPSS
0.0132
EPSS Percentile
67.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-1236
Status
published
Products (1)
export_users_to_csv_project/export_users_to_csv
< 1.4.2
Published
Feb 28, 2020
Tracked Since
Feb 18, 2026