Today > | 13 High | 31 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2023-5424

June 7, 2024, 2:56 p.m.

Tags

security@wordfence.com
2024-06-07
CVE-2023-5424

CVSS Score

4.7 / 10

Product(s) Impacted

WS Form LITE plugin for WordPress

  • up to 1.9.217

Description

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

Weaknesses

Date

Published: June 7, 2024, 10:15 a.m.

Last Modified: June 7, 2024, 2:56 p.m.

Status : Undergoing Analysis

CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.

More info

Source

security@wordfence.com

CVSS Data

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score
4.7
Exploitability Score
Impact Score
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

References

https://plugins.trac.wordpress.org/ security@wordfence.com
https://wsform.com/ security@wordfence.com
https://www.wordfence.com/ security@wordfence.com