Hustle <= 6.0.7 - Unauthenticated CSV Injection

Affects Plugin

fixed in version 6.0.8.1

References

CVE 2019-11872
URL https://blog.reddy.io/2019/05/24/reddy-solutions-found-a-csv-injection-vulnerability-in-hustle-wordpress-plugin/
URL https://plugins.trac.wordpress.org/changeset/2085075/wordpress-popup

Classification

Type UNKNOWN

Miscellaneous

Original Researcher Mark Parfeniuk (REDdy Solutions)
Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Views 4605
Verified No
WPVDB ID 9326

Timeline

Publicly Published 2019-05-24 (6 months ago)
Added 2019-05-31 (6 months ago)
Last Updated 2019-11-13 (1 day ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin