WP CSV Exporter 2

To plugin page No VDP

Report

New Existing

WordPress WP CSV Exporter Plugin <= 1.3.6 is vulnerable to CSV Injection

5.8

Medium severity CVSS 3.1 score

Not known to be exploited Report an attack

Protect your sites with automated security

Enable Protection

Patchstack Professional users are protected since 09.12.2022

Enable Protection

Deactivate and delete. This plugin has been closed as of November 3, 2022 and is not available for download. This closure is temporary, pending a full review.

Mika discovered and reported this CSV Injection vulnerability in WordPress WP CSV Exporter Plugin. This could allow a malicious actor to craft malicious formulas to then exploit vulnerabilities in the spreadsheet software or to execute commands to gain access to the victim';s PC. This vulnerability has not been known to be fixed yet.

Auth. SQL Injection (SQLi) vulnerability <= 1.3.6

6.6

09.11.2022

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more