CVE-2020-22275

Name of the Vulnerable Software and Affected Versions Easy Registration Forms (ER Forms) Wordpress Plugin version 2.0.6

Description The issue allows an attacker to submit an entry with malicious CSV commands. When the system administrator generates CSV output from the forms information, there is no check on these inputs, and the codes are executable. This can lead to the execution of malicious commands.

Recommendations For Easy Registration Forms (ER Forms) Wordpress Plugin version 2.0.6, consider disabling the CSV output generation feature until a patch is available to prevent the execution of malicious commands. Restrict access to the forms information to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.