WordPress TablePress 1.14 CSV Injection

2021.09.08

Credit: Nikhil Kapoor

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection
# Date: 07/09/2021
# Exploit Author: Nikhil Kapoor
# Vendor Homepage:
# Software Link: https://wordpress.org/plugins/tablepress/
# Version: 1.14
# Category: Web Application
# Tested on Windows
How to Reproduce this Vulnerability:
1. Install WordPress 5.8.0
2. Install and activate TablePress
3. Navigate to TablePress >> Add New >> Enter Table Name and Description (If You want this is Optional) >> Select Number of Rows and Columns
4. Click on Add Table
5. Now in Table Content Input Field Enter CSV Injection Payload
6. Click on Save Changes
6. Now go to All Table in TablePress select our entered table >> Click on Export >> Select CSV as an Export Format.
7. Click on Download Export File
8. Open the exported CSV file you will see that CSV Injection got Successfully Executed.
Payload Used :- @SUM(1+9)*cmd|' /C calc'!A0

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress TablePress 1.14 CSV Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.