WooCommerce - Store Exporter < 2.4 - CSV Injection



Description
"A CSV Injection vulnerability was discovered in WooCommerce - Store Exporter v 2.3.1. It allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible command/code execution."

Affects Plugin

fixed in version 2.4

References

URL https://fortiguard.com/zeroday/FG-VD-20-001

Classification

Type UNKNOWN

Miscellaneous

Original Researcher Vishnupriya Ilango of Fortinet's FortiGuard Labs
Views 125207
Verified No
WPVDB ID 10015

Timeline

Publicly Published 2020-01-09 (5 months ago)
Added 2020-01-09 (5 months ago)
Last Updated 2020-01-10 (5 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin