cleantalk
Vulnerabilities and Security Researches

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress, cd0a82b3704ec676b4453be7616ae7f5da2543b3

Published on
Dec 21, 2022
Research Description
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP [userswp] < 1.2.3.10
UsersWP <= 1.2.3.9 - Authenticated (Administrator+) CSV Injection
The UsersWP plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.2.3.9 via the process_users_export function. This allows administrator-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Affected versions
max 1.2.3.10.
Status
vulnerable
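
The usual mitigation for this class of bug is to neutralise formula-leading cells before an export writes them. The sketch below is an added example, not code from UsersWP or its patch: it prefixes any non-numeric cell that starts with a spreadsheet trigger character with a single quote, then lets fputcsv handle quoting. The function names and sample rows are constructed for illustration, and PHP 7.4 or later is assumed for the empty escape argument.

```php
<?php
// Added example: hypothetical helper names and constructed sample rows,
// not the plugin's process_users_export code.

/**
 * Return a cell value that a spreadsheet application will treat as text.
 */
function csv_neutralize_cell($value): string
{
    $value = (string) $value;
    // Plain numbers such as "-5" or "+3.2" are data, not formulas: keep as-is.
    if ($value === '' || is_numeric($value)) {
        return $value;
    }
    // Leading characters that make a spreadsheet evaluate the cell.
    $triggers = ['=', '+', '-', '@', "\t", "\r"];
    if (in_array($value[0], $triggers, true)) {
        return "'" . $value; // leading quote forces text interpretation
    }
    return $value;
}

/**
 * Build a CSV document from rows, neutralising every cell first.
 */
function export_rows_as_csv(array $rows): string
{
    $out = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        // fputcsv handles delimiter and quote escaping; '' disables the
        // non-standard backslash escape character.
        fputcsv($out, array_map('csv_neutralize_cell', $row), ',', '"', '');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed sample data: one row carries a formula-style display name.
$rows = [
    ['username', 'display_name', 'balance'],
    ['alice', 'Alice Example', '-5'],
    ['mallory', '=1+1', '10'],
    ['bob', '@handle', '+3.2'],
];
echo export_rows_as_csv($rows);
```

Applying the helper at export time, rather than only at input time, also covers values that were stored before the fix was deployed.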