WordPress Plugin TablePress 1.14 - CSV Injection

vendor:

TablePress

by:

Nikhil Kapoor

8,8

CVSS

HIGH

CSV Injection

N/A

CWE

Product Name: TablePress

Affected Version From: 1.14

Affected Version To: 1.14

Patch Exists: YES

Related CWE: N/A

CPE: /a:wordpress:wordpress:5.8.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2021

WordPress Plugin TablePress 1.14 – CSV Injection

This vulnerability allows an attacker to inject malicious code into a CSV file exported from the TablePress plugin in WordPress. By entering a specially crafted payload into the Table Content Input Field, an attacker can inject malicious code into the CSV file when it is exported. When the CSV file is opened, the malicious code will be executed.

Mitigation:

To mitigate this vulnerability, users should update to the latest version of TablePress.

Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection 
# Date: 07/09/2021
# Exploit Author: Nikhil Kapoor
# Vendor Homepage:
# Software Link: https://wordpress.org/plugins/tablepress/
# Version: 1.14
# Category: Web Application
# Tested on Windows

How to Reproduce this Vulnerability:

1. Install WordPress 5.8.0
2. Install and activate TablePress
3. Navigate to TablePress >> Add New >> Enter Table Name and Description (If You want this is Optional) >> Select Number of Rows and Columns
4. Click on Add Table
5. Now in Table Content Input Field Enter CSV Injection Payload
6. Click on Save Changes
6. Now go to All Table in TablePress select our entered table >> Click on Export >> Select CSV as an Export Format.
7. Click on Download Export File
8. Open the exported CSV file you will see that CSV Injection got Successfully Executed.

Payload Used :- @SUM(1+9)*cmd|' /C calc'!A0