• This plugin is being flagged by WPScan as having a vulnerability for CSV injection.

    From WPScan:

    “Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.”

    https://wpscan.com/vulnerability/2f32bcd9-7902-4f05-ab23-2fa50720d90b

    It is still being flagged on version 2.1.1.

    The initial discovery was made 20/11/2020 – 8 months ago.

    @easyregistrationforms what is the status for a fix for this issue?

Viewing 1 replies (of 1 total)
  • The topic ‘Vulnerability in this plugin’ is closed to new replies.
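
The missing check described in the WPScan quote above, sketched as an added PHP example (not the plugin's code and not written by anyone in this thread): every cell is neutralized before `fputcsv` writes it to the export. The function names and sample rows are constructed for illustration.

```php
<?php
// Added example. Function names are hypothetical, not from Easy Registration Forms.

/**
 * Make a submitted value safe to open in spreadsheet software.
 * Cells that start with = + - @ (optionally after whitespace), or with a
 * tab / carriage return, can be evaluated as formulas by Excel, LibreOffice
 * and Google Sheets. Prefixing a single quote forces them to be read as text.
 */
function erf_example_neutralize_cell($value): string
{
    $value = (string) $value;
    if (preg_match('/^[\t\r]|^\s*[=+\-@]/', $value) === 1) {
        return "'" . $value;
    }
    return $value;
}

/**
 * Write rows to an open stream as CSV, neutralizing every cell first.
 * fputcsv() handles quoting of commas, quotes and newlines inside fields,
 * so a submitted value cannot break out into a neighbouring column.
 */
function erf_example_export_csv(array $rows, $stream): void
{
    foreach ($rows as $row) {
        $safe = array_map('erf_example_neutralize_cell', $row);
        fputcsv($stream, $safe, ',', '"', '\\');
    }
}

// Constructed sample submissions, including one formula-style entry.
$rows = [
    ['name', 'email', 'comment'],
    ['Alice', 'alice@example.com', 'Looking forward to it'],
    ['Bob', 'bob@example.com', '=1+1'],
    ['Carol', 'carol@example.com', '-5'],
];

$out = fopen('php://output', 'w');
erf_example_export_csv($rows, $out);
fclose($out);
```

Legitimate values such as negative numbers are also prefixed, so an export meant for machine processing rather than for opening in a spreadsheet may need a separate, unprefixed format.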