CVE-2023-5527
published 2024-06-18


Priority: P3 42
Severity: high, 8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.49% (38.5th percentile)
The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| businessdirectoryplugin | business_directory | < 6.4.4 | 6.4.4 |
| strategy11team | business_directory_plugin_easy_listing_directories_for_wordpress | <= 6.4.3 | |