Lucene search
Stefan BroederPATCHSTACK:3B7B9BB51FFB898F90627840C8F66C3FHistoryApr 09, 2018 - 12:00 a.m.
WordPress Contact Form 7 to Database Extension plugin 2.10.32 - CSV Injection vulnerability
2018-04-0900:00:00
Stefan Broeder
patchstack.com
5
0.01 Low
EPSS
Percentile
83.8%
CSV Injection vulnerability found in WordPress Contact Form 7 to Database Extension plugin (version 2.10.32). Vulnerable file ExportToCsvUtf8.php allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
Solution
This plugin has been closed and is no longer available for download on WordPress.org, and we suggest to deactivate and delete this plugin from your server asap.
| CPE | Name | Operator | Version |
|---|---|---|---|
| contact form 7 to database extension | eq | 2.10.32 |
Related
packetstorm
packetstorm
WordPress Contact Form 7 To Database Extension 2.10.32 CSV Injection
2018-03-31 00:00:00
prion
prion
Design/Logic Flaw
2018-04-04 19:29:00
nvd
nvd
CVE-2018-9035
2018-04-04 19:29:00
wpvulndb
wpvulndb
Contact Form 7 to Database Extension 2.10.32 - CSV Injection
2018-04-09 00:00:00
cve
cve
CVE-2018-9035
2018-04-04 19:29:00
exploitpack
exploitpack
osv
osv
CVE-2018-9035
2018-04-04 19:29:00
cvelist
cvelist
CVE-2018-9035
2018-04-04 19:00:00
zdt
zdt
exploitdb
exploitdb