CVE-2019-20180

Description

The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.

CVSS Version 3.1
CVSS Version 2.0

nvd
CVE ID: CVE-2019-20180
Base Score: 6.8
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 0.9

nvd
CVE ID: CVE-2019-20180
Base Score: 6.0
Base Severity: MEDIUM
Vector String:AV:N/AC:M/Au:S/C:P/I:P/A:P

Refrence: NVD MITRE

Description​

Description