WordPress TablePress 1.14 CSV Injection

2021.09.08
Credit: Nikhil Kapoor
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection
# Date: 07/09/2021
# Exploit Author: Nikhil Kapoor
# Vendor Homepage:
# Software Link: https://wordpress.org/plugins/tablepress/
# Version: 1.14
# Category: Web Application
# Tested on: Windows

How to Reproduce this Vulnerability:

1. Install WordPress 5.8.0
2. Install and activate TablePress
3. Navigate to TablePress >> Add New >> enter a Table Name and Description (the description is optional) >> select the number of rows and columns
4. Click on Add Table
5. In the Table Content input field, enter the CSV injection payload
6. Click on Save Changes
7. Go to All Tables in TablePress, select the table just created >> click on Export >> select CSV as the export format
8. Click on Download Export File
9. Open the exported CSV file in a spreadsheet application: the payload is written to the file verbatim and the spreadsheet evaluates it as a formula (whether it actually runs depends on that application's formula and DDE settings, see the comments below)

Payload used:

@SUM(1+9)*cmd|' /C calc'!A0
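The export step above is where the injection lands: a cell whose content begins with =, +, -, @, tab or carriage return is copied into the CSV unchanged, and a spreadsheet that opens the file treats it as a formula. The example below is added here and is not TablePress or WordPress code; it mimics a verbatim export, shows the producer-side defence recommended in the OWASP CSV-injection guidance (prefix a single quote, quote every field), and includes a small audit routine for checking an exported file before opening it. The sample table, including the advisory's payload as a cell value, is constructed for the example.

```python
"""CSV (formula) injection: verbatim export vs. neutralised export.

Added example, not TablePress code. The sample rows are constructed;
the second row carries the payload from the advisory above.
"""
import csv
import io

# Leading characters that make Excel, LibreOffice and Google Sheets
# interpret a cell as a formula rather than as text.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Payload from the advisory, embedded as a constructed table cell.
ADVISORY_PAYLOAD = "@SUM(1+9)*cmd|' /C calc'!A0"

# Constructed table: one benign row, three rows that would be evaluated.
SAMPLE_TABLE = [
    ["Name", "Note"],
    ["alice", ADVISORY_PAYLOAD],
    ["bob", '=HYPERLINK("http://example.invalid","click")'],
    ["carol", "-5"],           # a negative number is also a trigger
    ["dave", "plain text"],
]


def export_csv_unsafe(rows):
    """Write every cell verbatim, as the advisory reports the export doing."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()


def neutralize_cell(value):
    """Defang a cell that starts with a formula trigger by prefixing a
    single quote, which spreadsheets read as 'treat this cell as text'.
    Non-string cells and harmless strings are returned unchanged."""
    if isinstance(value, str) and value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_csv_safe(rows):
    """Export with every cell neutralised and every field double-quoted,
    so separators or quotes inside a payload cannot open a new field.
    Embedded double quotes are doubled by the csv module."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n", quoting=csv.QUOTE_ALL)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def audit_csv(text):
    """Parse a CSV document and return (row, col, cell) for every cell a
    spreadsheet would evaluate as a formula. An empty list means clean."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(text))):
        for c, cell in enumerate(row):
            if cell.startswith(FORMULA_TRIGGERS):
                hits.append((r, c, cell))
    return hits


if __name__ == "__main__":
    unsafe = export_csv_unsafe(SAMPLE_TABLE)
    print("--- verbatim export ---")
    print(unsafe)
    print("formula cells:", audit_csv(unsafe))
    safe = export_csv_safe(SAMPLE_TABLE)
    print("--- neutralised export ---")
    print(safe)
    print("formula cells:", audit_csv(safe))
```

The audit routine parses the file the same way a spreadsheet would (quoted fields are unwrapped first), so bob's cell, which the verbatim writer had to quote because it contains commas, is still reported. The single-quote prefix is a producer-side mitigation only: it is visible as data to non-spreadsheet consumers of the file, and, as the comments below point out, whether a formula can reach cmd.exe at all is decided by the application that opens the file.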


Nick | Date: 2021-09-10 19:24 CET+1
This doesn't make sense. The vulnerability here is in Excel (or whatever program is opening the CSV file) and not TablePress. According to the details, it's only used to create a CSV file that Excel is opening without any precautions. Such a CSV file could simply be created with Notepad or any other text editor. And nobody would call that a vulnerability in Notepad... Neither TablePress, nor the WordPress site, nor the server are attacked here.
Visse | Date: 2021-09-11 09:00 CET+1
@Nick, moreover, Excel must be configured to run such payloads.

Copyright 2025, cxsecurity.com
