CSV Table Plugin Vulnerability

MEDIUM (6.5) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.84% chance of exploitation (percentile: 74%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The Simple CSV Table plugin is a WordPress plugin used to display CSV data as tables. It is a common plugin among WordPress sites, and its directory traversal vulnerability allows attackers to read arbitrary files on the server.

Am I affected?

You're affected if you use Simple CSV Table. The advisory does not state which versions are affected.

Affected Products

Automattic / WordPress

How to fix

To fix this issue:

  1. Update to WordPress version 5.8.1 or later, which includes a patch for this vulnerability.
  2. If you can't update immediately:
    • Remove the href parameter from the [csv] shortcode in your theme's functions.php file or via a plugin like Code Snippets.
  3. Limit access to your WordPress site's files and directories, especially those containing sensitive information.
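
As an added example (not code from the advisory or the plugin), this Python audit scans exported post content for [csv] shortcodes whose href value contains a parent-directory segment, a non-web scheme, or an absolute path outside an assumed upload root. UPLOAD_ROOT, the function names and the sample posts are assumptions constructed for illustration; the page does not say how the plugin itself resolves href.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# [csv ...] shortcode as named in the advisory; group 1 is the attribute string.
SHORTCODE_RE = re.compile(r"\[csv(?=[\s\]])([^\]]*)\]", re.IGNORECASE)
# Accepts href="v", href='v' and bare href=v.
HREF_RE = re.compile(r"""\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""", re.IGNORECASE)
UPLOAD_ROOT = "/wp-content/uploads"  # assumption: the only place CSV files should live

def href_is_suspicious(href, root=UPLOAD_ROOT):
    """True if href has a traversal segment, a non-web scheme, or leaves root."""
    for _ in range(3):  # peel nested percent-encoding (%252e -> %2e -> .)
        href = unquote(href)
    href = href.replace("\\", "/")  # treat Windows separators like "/"
    try:
        parts = urlsplit(href)
    except ValueError:
        return True  # unparseable values are reported, not trusted
    if "\x00" in href or parts.scheme not in ("", "http", "https"):
        return True  # NUL byte, or file:// and other non-web schemes
    if ".." in parts.path.split("/"):
        return True  # parent-directory segment
    if parts.path.startswith("/"):
        norm = posixpath.normpath(parts.path)
        return not (norm == root or norm.startswith(root + "/"))
    return False  # plain relative path with no parent-directory segment

def audit_posts(posts):
    """Return [(post_id, href)] for each [csv] shortcode with a suspicious href."""
    findings = []
    for post_id, content in posts:
        for shortcode in SHORTCODE_RE.finditer(content):
            for match in HREF_RE.finditer(shortcode.group(1)):
                href = next(g for g in match.groups() if g is not None)
                if href_is_suspicious(href):
                    findings.append((post_id, href))
    return findings

SAMPLE_POSTS = [  # constructed (ID, post_content) rows, not real data
    (11, 'Prices: [csv href="/wp-content/uploads/2021/prices.csv"]'),
    (12, "[csv href='../../../private/notes.txt']"),
    (13, "[csv href=%2e%2e%2f%2e%2e%2fprivate%2fnotes.txt]"),
    (14, '[csv href="file:///srv/private/notes.txt"]'),
    (15, '[csv href="/srv/private/notes.txt"] and [csv href="data/q3.csv"]'),
]

if __name__ == "__main__":
    for post_id, href in audit_posts(SAMPLE_POSTS):
        print(f"post {post_id}: review href={href!r}")
```

Any post it reports is a candidate for the shortcode cleanup in step 2; a clean result only means no stored shortcode matched these patterns.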