Vulnerabilities > CVE-2019-15092 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Import Export Wordpress Users

047910
CVSS 6.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
webtoffee
CWE-1236
exploit available

Summary

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.

Vulnerable Configurations

Part Description Count
Application
Webtoffee
32

Exploit-Db

idEDB-ID:47303
last seen2019-08-26
modified2019-08-26
published2019-08-26
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/47303
titleWordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/154203/wpimportexportwpusers131-csvinject.txt
idPACKETSTORM:154203
last seen2019-08-26
published2019-08-23
reporterJavier Olmedo
sourcehttps://packetstormsecurity.com/files/154203/WordPress-Import-Export-WordPress-Users-1.3.1-CSV-Injection.html
titleWordPress Import Export WordPress Users 1.3.1 CSV Injection