CVE-2023-5527 - OpenCVE

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Businessdirectoryplugin	Business Directory

Configuration 1 [-]

cpe:2.3:a:businessdirectoryplugin:business_directory:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/class-csv-exporter.php
https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php
https://plugins.trac.wordpress.org/changeset/3102475/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-18T05:38:13.533Z

Updated: 2024-08-02T07:59:44.824Z

Reserved: 2023-10-11T16:01:36.538Z

Link: CVE-2023-5527

Vulnrichment

Updated: 2024-08-02T07:59:44.824Z

NVD

Status : Analyzed

Published: 2024-06-18T06:15:10.243

Modified: 2024-07-05T14:11:01.873

Link: CVE-2023-5527

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5527", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-10-11T16:01:36.538Z", "datePublished": "2024-06-18T05:38:13.533Z", "dateUpdated": "2024-08-02T07:59:44.824Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-18T05:38:13.533Z"}, "affected": [{"vendor": "strategy11team", "product": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "6.4.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."}], "title": "Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/class-csv-exporter.php"}, {"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3102475/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "baseScore": 7.4, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "timeline": [{"time": "2024-06-17T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "strategy11team", "product": "business_directory_plugin", "cpes": ["cpe:2.3:a:strategy11team:business_directory_plugin:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.4.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-18T13:52:25.518684Z", "id": "CVE-2023-5527", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-18T13:53:51.005Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.824Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/class-csv-exporter.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3102475/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/class-csv-exporter.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3102475/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.824Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5527", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-18T13:52:25.518684Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:strategy11team:business_directory_plugin:*:*:*:*:*:*:*:*"], "vendor": "strategy11team", "product": "business_directory_plugin", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.4.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-18T13:53:47.324Z"}}], "cna": {"title": "Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection", "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}}], "affected": [{"vendor": "strategy11team", "product": "Business Directory Plugin \u2013 Easy Listing Directories for WordPress", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "6.4.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-06-17T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/class-csv-exporter.php"}, {"url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3102475/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php"}], "descriptions": [{"lang": "en", "value": "The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-18T05:38:13.533Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5527", "state": "PUBLISHED", "dateUpdated": "2024-08-02T07:59:44.824Z", "dateReserved": "2023-10-11T16:01:36.538Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-06-18T05:38:13.533Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:businessdirectoryplugin:business_directory:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0B0E61EA-6015-4618-BE21-8C0213D081D4", "versionEndExcluding": "6.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."}, {"lang": "es", "value": "El complemento Business Directory Plugin para WordPress es vulnerable a la inyecci\u00f3n CSV en versiones hasta la 6.4.3 incluida a trav\u00e9s del archivo class-csv-exporter.php. Esto permite a atacantes autenticados, con permisos de nivel de autor y superiores, incrustar entradas no confiables en archivos CSV exportados por administradores, lo que puede resultar en la ejecuci\u00f3n de c\u00f3digo cuando estos archivos se descargan y abren en un sistema local con una configuraci\u00f3n vulnerable."}], "id": "CVE-2023-5527", "lastModified": "2024-07-05T14:11:01.873", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-06-18T06:15:10.243", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/class-csv-exporter.php"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/changeset/3102475/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1236"}], "source": "nvd@nist.gov", "type": "Primary"}]}