CVE-2021-24441

CVE-2021-24441: Sign-up Sheets < 1.0.14 - Authenticated CSV Injection

Vendor Unknown
Product Sign-up Sheets
Weakness CWE-1236
Published July 12, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue

Key dates

02Disclosure timeline

July 12, 2021 CVE published
August 3, 2024 Record updated