WP-Safety
CVE-2020-22276

WeForms <= 1.4.7 - CSV injection via form entry

highImproper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
8.6
CVSS Score
8.6
CVSS Score
high
Severity
1.4.8
Patched in
1258d
Time to patch

Description

WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.

CVSS Vector Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
High
Confidentiality
High
Integrity
High
Availability

Technical Details

Affected versions<=1.4.7
PublishedAugust 13, 2020
Last updatedJanuary 22, 2024
Affected pluginweforms
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/53bffb82-b9df-40a0-947b-ecae512f363a?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database