CVE-2025-11254
BaseFortify
Publication date: 2025-10-11
Last updated on: 2025-10-14
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | contest_gallery | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1236 | The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a CSV Injection in the Contest Gallery WordPress plugin (up to version 27.0.3). It allows unauthenticated attackers to inject malicious input into CSV files generated by the plugin through gallery submissions. When these CSV files are downloaded and opened in spreadsheet software, the injected content can execute code or commands if the software interprets the CSV cells as formulas or commands.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker can embed malicious formulas or code into exported CSV files. When a user downloads and opens these CSV files in a vulnerable spreadsheet application, the malicious content can execute, potentially leading to unauthorized actions or code execution on the user's local system. This can compromise the user's data or system security.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve checking exported CSV files generated by the Contest Gallery plugin for suspicious CSV injection patterns, such as cells starting with '=', '+', '-', '@', or a leading tab character. Since the vulnerability involves unauthenticated attackers embedding malicious input into CSV exports, monitoring for unexpected CSV files or scanning CSV content for these patterns is recommended. Specific commands are not provided in the resources, but a practical approach could be to use text search tools (e.g., grep) to scan CSV files for lines starting with these characters. For example, on a system with exported CSV files, you might run `grep -P '^(=|\+|-|@|\t)' *.csv` to identify potentially malicious CSV content. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Contest Gallery plugin to version 28.0.0 or later, which includes security improvements such as the `cg_neutralize_csv_value` function that sanitizes CSV cell values to prevent CSV injection attacks. Additionally, enabling backend form protections like Google reCAPTCHA can help reduce unauthenticated malicious submissions. Until the update is applied, avoid opening CSV exports from untrusted sources in vulnerable spreadsheet software or open them in a text editor to prevent code execution. [2]
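The grep shown in the detection answer only matches a formula prefix at the start of a line, so it misses a risky value in any column after the first. The following Python script, added here as an example (it is not the plugin's `cg_neutralize_csv_value` nor code from BaseFortify), parses the CSV so every cell is checked, and neutralizes flagged cells with a leading single quote, one common defensive convention; the sample export is constructed.

```python
import csv
import io

# Leading characters that common spreadsheet applications treat as the start
# of a formula; a leading tab or carriage return is sometimes used to hide one.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def is_suspicious_cell(value: str) -> bool:
    """True if the cell would be read as a formula when opened in a spreadsheet."""
    return value.startswith(FORMULA_PREFIXES)


def scan_csv(text: str):
    """Return (row, column, value) for every cell that begins with a formula prefix.

    Unlike a line-oriented grep, this parses the CSV, so cells in any column
    (including quoted cells that contain commas) are checked.
    """
    findings = []
    for row_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for col_no, cell in enumerate(row, start=1):
            if is_suspicious_cell(cell):
                findings.append((row_no, col_no, cell))
    return findings


def neutralize_cell(value: str) -> str:
    """Prefix a risky cell with a single quote so spreadsheets display it as text."""
    return "'" + value if is_suspicious_cell(value) else value


def neutralize_csv(text: str) -> str:
    """Rewrite a CSV export with every risky cell neutralized."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for row in csv.reader(io.StringIO(text)):
        writer.writerow([neutralize_cell(cell) for cell in row])
    return out.getvalue()


# Constructed sample export with harmless formula-looking values; not real data.
SAMPLE = (
    "id,name,email,comment\n"
    '1,Alice,alice@example.com,"nice gallery, thanks"\n'
    "2,=1+1,bob@example.com,hello\n"
    "3,Carol,carol@example.com,@SUM(A1:A2)\n"
    '4,Dave,dave@example.com,"\t-2+5"\n'
)

if __name__ == "__main__":
    for row_no, col_no, cell in scan_csv(SAMPLE):
        print(f"row {row_no} col {col_no}: {cell!r}")
    print(neutralize_csv(SAMPLE))
```

Run the scan over a downloaded export before opening it in a spreadsheet; any finding means the file should be treated as untrusted and opened in a text editor or neutralized first.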