CVE-2021-24441

HIGH

Sign-up Sheets WP <1.0.14 - Code Injection

Title source: llm

Description

The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/ec9292b1-5cbd-4332-bdb6-2351c94f5ac6

Scores

CVSS v3 8.0

EPSS 0.0084

EPSS Percentile 74.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (1)

fetchdesigns/sign-up_sheets < 1.0.14

Published Jul 12, 2021

Tracked Since Feb 18, 2026