2 matches found
CVE-2023-5527 Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection
The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...
WordPress Business Directory Plugin Plugin <= 6.4.3 is vulnerable to CSV Injection
Software Business Directory Plugin Type Plugin Vulnerable versions = 6.4.3 Fixed in 6.4.4 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-5527 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID fa4533c87625 Credits Dmitrii Ignatyev Required privilege Auth...