3 matches found
WordPress WordCamp Talks plugin <= 1.0.0-beta2 - Formula injection via CSV exports
The WordCamp Talks plugin does not sanitize CSV exports properly, which can lead to spreadsheet formula injection via malicious user input. Solution: Update the plugin...
WordCamp Talks <= 1.0.0-beta2 - Formula injection via CSV exports
Fixed in version 1.0.0-beta3...
Ian Dunn: HTML injection-WordCamp Talks plugin
This report was about the possibility to inject malicious HTML into wp-admin via comments on the talks post type. Examples of malicious input were: The report suggested that those inputs could be used in phishing attacks, since the images would be displayed in wp-admin, where an administrator migh...