Export Users to CSV <= 1.4.2 - CSV Injection

Description
An attacker can register as a subscriber on a WordPress site and inject malicious payloads (spreadsheet formulas) into the user account details fields. When an authenticated admin uses the Export Users to CSV plugin to export the details of all users into a CSV file and opens that file in a spreadsheet application, the payload is executed and can lead to unintended actions such as redirection to unknown or harmful websites.
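As an added illustration of the mitigation (this is not code from the plugin or from the researcher), the Python below neutralizes formula-shaped cells before they are written to CSV and also flags stored profile values that already look like formulas; the field names user_login, user_email and display_name are assumed from WordPress user data, and the sample users are constructed.

```python
import csv
import io

# Leading characters that Excel, LibreOffice and Google Sheets treat as the start of a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def looks_like_formula(value):
    """True if the cell's first non-space character is a formula trigger."""
    return str(value or "").lstrip(" ").startswith(FORMULA_TRIGGERS)


def neutralize_cell(value):
    """Prefix formula-shaped cells with a single quote so spreadsheets read them as text.
    Trade-off: legitimate values such as "-5" are prefixed too, which is the safe default."""
    text = "" if value is None else str(value)
    return "'" + text if looks_like_formula(text) else text


def flag_formula_cells(users, fields):
    """Detection side: (user_login, field) pairs whose stored value is formula-shaped."""
    return [(u.get("user_login"), f) for u in users for f in fields if looks_like_formula(u.get(f))]


def export_users_csv(users, fields=("user_login", "user_email", "display_name")):
    """Write the selected profile fields to CSV text with every cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(fields), extrasaction="ignore",
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for user in users:
        writer.writerow({f: neutralize_cell(user.get(f)) for f in fields})
    return buf.getvalue()


def read_back(csv_text):
    """Parse CSV text into row dicts, i.e. what a consumer of the export would see."""
    return list(csv.DictReader(io.StringIO(csv_text)))


# Constructed sample data: one ordinary subscriber and one whose display name is formula-shaped.
SAMPLE_USERS = [
    {"user_login": "alice", "user_email": "alice@example.com", "display_name": "Alice"},
    {"user_login": "mallory", "user_email": "mallory@example.com", "display_name": "=SUM(1,2)"},
]
```

Running flag_formula_cells over the stored profile data is the cheap check to run on a site whose export feature was unpatched, since the values were written by the subscriber long before any export.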

February 08, 2020 - Report submitted to the developer by the researcher.
February 26, 2020 - No update from the developer after multiple attempts. Escalated to the WP Plugin Team. Release of the advisory.

Proof of Concept

The PoC will be displayed once the issue has been remediated.

Affects Plugin

Export Users to CSV <= 1.4.2 (no known fix; plugin closed)

References

CVE CVE-2020-9466
URL https://www.getastra.com/blog/911/plugin-exploit/csv-injection-in-export-users-to-csv-wordpress-plugin/
URL https://www.jinsonvarghese.com/csv-injection-in-export-users-to-csv-plugin/

Classification

Type UNKNOWN

Miscellaneous

Original Researcher Jinson Varghese Behanan
Submitter Jinson Varghese Behanan
Submitter Website https://www.jinsonvarghese.com
Submitter Twitter JinsonCyberSec
Verified No
WPVDB ID 10094

Timeline

Publicly Published 2020-02-26
Added 2020-02-26
Last Updated 2020-02-29
