Security Alert: CSV injection vulnerability

  • Resolved moritzgrumbach

    (@moritzgrumbach)


    3 years, 3 months ago

    Hi, having your Plugin as a premium version, I get a security alert by several security plugins claiming that Site Revies has a CSV injection vulnerability. Will you fix that, or is there a workaround to get things safe again? Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Yui

    (@fierevere)

    永子

    3 years, 3 months ago

    For pro or commercial product support please contact the developer directly on their site.
    This includes any pre-sales topics as well.
    As the developer is aware, commercial products are not supported in these forums.
    I am sure they will have no problem supporting you there.

    Thread Starter moritzgrumbach

    (@moritzgrumbach)

    3 years, 3 months ago

    will do. thx!

    Plugin Author Gemini Labs

    (@geminilabs)

    3 years, 3 months ago

    This topic has nothing to do with Site Reviews Premium.

    That particular CSV vulnerability was fixed in Site Reviews v6.4.0. Please make sure you are always using the latest version of Site Reviews.

    Also, you would have only been vulnerable IF you had exported your reviews to a CSV file, AND IF some of the reviews had had an Excel formula in the title or content of the review, AND IF those Excel formulas were intentionally malicious in some way, AND IF that exported CSV file was then opened in a vulnerable CSV reader application on your computer by an unauthorised person with ill intent (i.e. using an Excel formula to display the system password).

    In other words, extremely unlikely!

    • This reply was modified 3 years, 3 months ago by Gemini Labs.
    • This reply was modified 3 years, 3 months ago by Yui.
    • This reply was modified 3 years, 3 months ago by Steven Stern (sterndata).
Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Security Alert: CSV injection vulnerability’ is closed to new replies.