CVE-2020-22275

high

Description

Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.

References

https://filebin.net/30ceikgukh268yyj

https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22275.pdf

http://uploadboy.com/ty0715vdcii6/886/mp4

Details

Source: Mitre, NVD

Published: 2020-11-04

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01048