PT-2024-14807 · WordPress · Ws Form Lite

Duc Manh · Published 2024-06-07 · Updated 2024-06-12 · CVE-2023-5424

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WS Form LITE plugin for WordPress versions up to, and including, 1.9.217

Description

The issue allows unauthenticated attackers to embed untrusted input into exported CSV files. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

Recommendations

For versions up to, and including, 1.9.217, update to a version later than 1.9.217 to resolve the issue. As a temporary workaround, consider restricting access to the CSV export feature until a patch is available. Avoid opening exported CSV files from untrusted sources on a local system to minimize the risk of exploitation.
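
For exports that must be reviewed before the plugin is updated, the following added example (not part of the advisory or of the plugin's code) flags cells in an exported CSV that a spreadsheet would evaluate as formulas and writes a neutralized copy. The trigger-character set and the single-quote prefix follow OWASP's general CSV injection guidance; the function names and the sample rows are constructed for illustration.

```python
import csv
import io
import re

# Leading characters that spreadsheet applications may interpret as the start
# of a formula (the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def is_formula_cell(value: str) -> bool:
    """True if a spreadsheet could evaluate this cell instead of displaying it."""
    if not value or PLAIN_NUMBER.fullmatch(value):
        return False  # empty cells and signed numbers such as "-5" are harmless
    return value.startswith(FORMULA_TRIGGERS)


def neutralize(value: str) -> str:
    """Prefix a single quote so the cell is treated as literal text."""
    return "'" + value if is_formula_cell(value) else value


def scan_and_neutralize(csv_text: str):
    """Return (findings, cleaned_csv); findings are 1-based (row, column, value)."""
    findings, out = [], io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for r, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for c, cell in enumerate(row, start=1):
            if is_formula_cell(cell):
                findings.append((r, c, cell))
        writer.writerow([neutralize(cell) for cell in row])
    return findings, out.getvalue()


# Constructed sample export: the "name" and "comment" fields hold submitted
# form input that begins with formula characters (benign arithmetic only).
SAMPLE_EXPORT = (
    "id,name,comment,balance\n"
    "1,Alice,Hello there,-5\n"
    '2,=1+1,"@SUM(1,2)",10\n'
    "3,Bob,+1+2,3.50\n"
)

if __name__ == "__main__":
    hits, cleaned = scan_and_neutralize(SAMPLE_EXPORT)
    for row, col, value in hits:
        print(f"row {row}, column {col}: {value!r}")
    print(cleaned, end="")
```

Any finding in a form export is worth treating as a sign that a submission was crafted, since ordinary form input rarely begins with these characters.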

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2023-5424

Affected Products

Ws Form Lite