Vulnerability Details CVE-2019-20180
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.8%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 6.0
References
- https://medium.com/%40Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8
- https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996
- https://wpvulndb.com/vulnerabilities/10016
- https://medium.com/%40Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8
- https://wordpress.org/support/topic/security-issue-cve-2019-20180-for-tablepress/#post-16282996
- https://wpvulndb.com/vulnerabilities/10016
Products affected by CVE-2019-20180
-
cpe:2.3:a:tablepress:tablepress:-
-
cpe:2.3:a:tablepress:tablepress:0.9
-
cpe:2.3:a:tablepress:tablepress:1.0
-
cpe:2.3:a:tablepress:tablepress:1.1
-
cpe:2.3:a:tablepress:tablepress:1.1.1
-
cpe:2.3:a:tablepress:tablepress:1.2
-
cpe:2.3:a:tablepress:tablepress:1.3
-
cpe:2.3:a:tablepress:tablepress:1.4
-
cpe:2.3:a:tablepress:tablepress:1.5
-
cpe:2.3:a:tablepress:tablepress:1.5.1
-
cpe:2.3:a:tablepress:tablepress:1.6
-
cpe:2.3:a:tablepress:tablepress:1.6.1
-
cpe:2.3:a:tablepress:tablepress:1.7
-
cpe:2.3:a:tablepress:tablepress:1.8
-
cpe:2.3:a:tablepress:tablepress:1.8.1
-
cpe:2.3:a:tablepress:tablepress:1.9
-
cpe:2.3:a:tablepress:tablepress:1.9.1
-
cpe:2.3:a:tablepress:tablepress:1.9.2