Products
Business Directory Plugin plugin for WordPress
- up to 6.4.3
Source
security@wordfence.com
CVE-2023-5527 details
Published : June 18, 2024, 6:15 a.m.
Last Modified : June 18, 2024, 6:15 a.m.
Description
The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
CVSS Score
7.4
CVSS Data
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : LOW
Scope : CHANGED
Confidentiality Impact : LOW
Integrity Impact : LOW
Availability Impact : LOW
Base Score : 7.4
Exploitability Score : 3.1
Impact Score : 3.7
Base Severity : HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L