WordPress Import and export users and customers plugin <= 1.16.3.5

Back

WordPress Import and export users and customers plugin <= 1.16.3.5 - CSV Injection vulnerability

Product: Import and export users and customers
Description: CSV Injection vulnerability found by Mohamad Pishdar (cert.ikiu.ac.ir) in WordPress Import and export users and customers plugin (versions <= 1.16.3.5).
Solution: Update the WordPress Import and export users and customers plugin to the latest available version (at least 1.16.3.5).
Classification: Type Unknown
OWASP Top 10 A1: Injection
References: Vulnerability details
Plugin changelog
CVE: Name CVE-2020-22277
Versions: Affected In <= 1.16.3.5
Fixed In 1.16.3.6
Disclosure date: 2020-11-20
Credits: Mohamad Pishdar