PT-2020-12683 · WordPress · Search Meter

Published: 2020-04-04 · Updated: 2021-07-21 · CVE-2020-11548

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Search Meter plugin versions through 2.13.2

Description: User input entered in the site's search bar is accepted as-is, so a recorded search term can be any spreadsheet formula. When an administrator opens the "wp-admin/index.php?page=search-meter" endpoint and performs an Export action, the stored terms are written into the exported CSV file without neutralisation; a spreadsheet application that opens that file may evaluate the injected formula (CSV injection), potentially leading to remote code execution.

Recommendations: For versions through 2.13.2, update to a version that fixes this issue, which prevents remote code execution via CSV injection. As a temporary workaround, consider restricting access to the "wp-admin/index.php?page=search-meter" endpoint to minimise the risk of exploitation, and avoid performing the Export action on the Search Meter plugin until the issue is resolved.
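To illustrate the fix the recommendations point at, here is an added example (not the Search Meter plugin's own code) of a CSV export that neutralises formula-leading cells before they reach the file; the function names and the sample rows are constructed for illustration.

```php
<?php
// Added example (not the Search Meter plugin's own code): hardening a CSV
// export of user-supplied search terms against CSV/formula injection.
// Function names and the sample rows below are constructed for illustration.

/**
 * Neutralise one CSV cell so a spreadsheet treats it as text, not a formula.
 * A leading formula trigger (=, +, -, @) or a control character that can
 * start a formula on a new line (tab, carriage return) is prefixed with a
 * single quote, the convention spreadsheet software uses for literal text.
 */
function sm_neutralize_csv_cell(string $value): string
{
    $triggers = ['=', '+', '-', '@', "\t", "\r"];
    if ($value !== '' && in_array($value[0], $triggers, true)) {
        return "'" . $value;
    }
    return $value;
}

/**
 * Write search statistics to a CSV stream with every cell neutralised.
 * $rows is a list of [search term, hit count] pairs; fputcsv() handles the
 * quoting of delimiters and embedded quotes, so only the formula prefix
 * is added here.
 */
function sm_write_safe_csv($stream, array $rows): void
{
    fputcsv($stream, ['Search term', 'Hits']);
    foreach ($rows as [$term, $hits]) {
        fputcsv($stream, [sm_neutralize_csv_cell((string) $term), (string) (int) $hits]);
    }
}

// Constructed sample: ordinary searches plus formula-shaped strings that a
// visitor could type into the search bar; '-foo' shows the deliberate
// over-match on a leading minus, which is harmless for text.
$rows = [
    ['wordpress themes', 42],
    ['-foo', 3],
    ['=SUM(1,2)', 1],
    ['@evaluate', 1],
];

$out = fopen('php://memory', 'r+');
sm_write_safe_csv($out, $rows);
rewind($out);
echo stream_get_contents($out);
fclose($out);
```

The leading quote is visible in some spreadsheet applications, which is the accepted trade-off for guaranteeing the cell is never evaluated.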

Fix · RCE


Weakness Enumeration

Related Identifiers: CVE-2020-11548

Affected Products: Search Meter