ThreatPress

WordPress Vulnerability Database

Back

WordPress weForms plugin <= 1.4.7 - CSV Injection vulnerability

Product
weForms
Description
CSV Injection vulnerability found by Mohamad Pishdar in WordPress weForms plugin (versions <= 1.4.7).
Solution
2020-11-20 - we were unable to find information about the fix for this vulnerability.
Classification
Type Unknown
OWASP Top 10 A1: Injection
References
Vulnerability details
Plugin changelog
CVE
Name CVE-2020-22276
Versions
Affected In <= 1.4.7
Fixed In 1.4.8
Disclosure date
2020-11-20
Credits
Mohamad Pishdar