216.73.217.86

CVE-2023-5424

· Published 07/06/2024 10:15 · Modified 07/06/2024 14:56

Labels: CVE-2023-5424 2024-06-07CVE-2023-5424[email protected]

Essential information

Published
07/06/2024 10:15
Modified
07/06/2024 14:56
Author
Creator
CVSS
4.7 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

NVD status

Status
Undergoing Analysis — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source
[email protected]
NVD
View on NVD

References