• Resolved sujatab

    (@sujatab)


    Hi Team,
    Our host scan has been reporting this version 1.14 as vulnerable. Please check the detailed steps to reproduce CSV Injection
    https://www.exploit-db.com/exploits/50270

    Please check/provide update or updated version/patch.

    • This topic was modified 3 years, 2 months ago by sujatab.


Viewing 1 replies (of 1 total)
  • Plugin Author TobiasBg

    (@tobiasbg)

    Hi,

    thanks for your post, and sorry for the trouble.

    Please be assured that I take security in TablePress very seriously. This report however is invalid, so that there’s nothing to fix in TablePress. There is no such vulnerability in TablePress 1.14.

    If you read the description closely, TablePress is merely used to create a CSV file that brings problems to Excel. This can however be done with every simple text editor, like Notepad, so that you would have to create an exploit report for every simple text editor software, as they all can create arbitrary CSV files.

    TablePress does not have a security issue here. It’s not producing invalid CSV files or anything like that. It’s not possible to attack TablePress, the WordPress site that uses it, or the server that it’s running on.
    It’s the programs like Excel that misinterpret the content of a CSV file – which they simply should not be doing.

    Regards,
    Tobias
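
The distinction in the reply above (a well-formed CSV file versus a spreadsheet program evaluating its cells) can be checked on any export before it is opened in Excel. This is an added example, not TablePress code and not part of the thread: the function names and sample data are constructed, and the trigger-character list and apostrophe prefix are assumptions taken from OWASP's CSV injection guidance.

```python
import csv
import io

# Leading characters that spreadsheet programs may treat as the start of a
# formula (assumption: the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample: valid CSV whose last row holds formula-like cells.
SAMPLE = 'name,amount,note\r\nalice,-5,ok\r\nbob,=1+1,"@SUM(A1:A2)"\r\n'


def _is_number(cell):
    try:
        float(cell)
        return True
    except ValueError:
        return False


def is_formula_like(cell):
    """True if a spreadsheet could evaluate the cell instead of displaying it."""
    # Plain signed numbers such as -5 are data, not formulas, so they pass.
    return cell.startswith(FORMULA_TRIGGERS) and not _is_number(cell)


def find_formula_cells(csv_text):
    """Return (row, column, value) for every formula-like cell, 1-indexed."""
    rows = csv.reader(io.StringIO(csv_text, newline=""))
    return [(r, c, cell)
            for r, row in enumerate(rows, 1)
            for c, cell in enumerate(row, 1)
            if is_formula_like(cell)]


def neutralize(csv_text):
    """Re-emit the CSV with a leading apostrophe on formula-like cells."""
    out = io.StringIO(newline="")
    writer = csv.writer(out)
    for row in csv.reader(io.StringIO(csv_text, newline="")):
        writer.writerow(["'" + c if is_formula_like(c) else c for c in row])
    return out.getvalue()


if __name__ == "__main__":
    print(find_formula_cells(SAMPLE))
    print(neutralize(SAMPLE))
```

The sample parses cleanly as CSV both before and after neutralizing; only the way a spreadsheet would treat the flagged cells changes.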

  • The topic ‘Plugin Version 1.14 Reported as Vulnerable. Any Update’ is closed to new replies.