mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-28 15:31:27 +02:00
0xMarcio
862 B
862 B
CVE-2019-11872
Description
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the plugin does not sanitize the user's input and allows insertion of any text.