CVE-2023-5527
📋 TL;DR
This CSV injection vulnerability in the Business Directory Plugin for WordPress allows authenticated attackers with author-level permissions or higher to embed malicious formulas in exported CSV files. When administrators download and open these files in vulnerable spreadsheet applications like Excel, it can lead to arbitrary code execution on the local system.
💻 Affected Systems
- Business Directory Plugin for WordPress
📦 What is this software?
Business Directory by Businessdirectoryplugin
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of administrator workstations through code execution when malicious CSV files are opened in vulnerable spreadsheet software, potentially leading to lateral movement within the network.
Likely Case
Data theft or malware installation on administrator workstations when malicious CSV files are opened, with potential for credential harvesting or ransomware deployment.
If Mitigated
Limited to CSV file corruption or formula errors if proper security controls prevent execution of embedded formulas in spreadsheet applications.
🎯 Exploit Status
Exploitation requires authenticated access with author-level permissions or higher. Attack vectors are well-documented for CSV injection vulnerabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.4.4 and later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3102475/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Business Directory Plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 6.4.4+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable CSV Export
Temporarily disable the CSV export functionality in the Business Directory Plugin settings.
Restrict User Permissions
Remove author-level permissions from untrusted users until the patch is applied.
🧯 If You Can't Patch
- Configure spreadsheet applications to disable automatic formula execution when opening CSV files
- Implement strict access controls and monitor for suspicious CSV export activities
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Business Directory Plugin → Version. If the version is 6.4.3 or lower, the site is vulnerable.
Check Version:
wp plugin get business-directory-plugin --field=version
Verify Fix Applied:
Verify plugin version is 6.4.4 or higher in WordPress admin panel. Test CSV export functionality to ensure formulas are properly sanitized.
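As an added example (not code from the plugin or from this advisory), the following Python scans an exported CSV for cells a spreadsheet would interpret as formulas and neutralises them by prefixing a single quote, the usual CSV-injection mitigation. It serves both the sanitisation test above and the "formula-like patterns" detection indicator; the sample export is constructed data, and the numeric exemption is this example's own design choice.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a formula.
# Leading whitespace is trimmed before the check because Excel ignores it when
# deciding whether a cell is a formula; tab and CR are included for the same reason.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_numeric(value: str) -> bool:
    """True for plain numbers such as -12 or +3.5, which are left untouched."""
    try:
        float(value)
        return True
    except ValueError:
        return False


def is_formula_like(cell: str) -> bool:
    """True if the cell could be evaluated as a formula when opened in a spreadsheet."""
    stripped = cell.lstrip(" \t\r\n")
    if not stripped or stripped[0] not in FORMULA_TRIGGERS:
        return False
    return not is_numeric(stripped)


def neutralize_cell(cell: str) -> str:
    """Prefix a formula-like cell with a single quote so it is stored as text."""
    return "'" + cell if is_formula_like(cell) else cell


def scan_csv(text: str) -> list:
    """Return (row, column, cell) for every formula-like cell in a CSV document."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for c, cell in enumerate(row, start=1):
            if is_formula_like(cell):
                hits.append((r, c, cell))
    return hits


def sanitize_csv(text: str) -> str:
    """Rewrite a CSV document with every formula-like cell neutralised."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for row in csv.reader(io.StringIO(text)):
        writer.writerow([neutralize_cell(cell) for cell in row])
    return out.getvalue()


# Constructed sample export: a benign listing, then one whose title and notes
# carry formulas; the "-5" shows a negative number that must not be flagged.
SAMPLE_EXPORT = (
    "title,phone,notes\n"
    "Acme Bakery,555-0100,Open daily\n"
    '"=1+1",-5,"  @SUM(A1:A2)"\n'
)
```

Run `scan_csv` over a real export after updating; an empty result means no cell would be evaluated as a formula.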
📡 Detection & Monitoring
Log Indicators:
- Unusual CSV export activities by author-level users
- Multiple failed CSV export attempts
- CSV exports containing formula-like patterns
Network Indicators:
- Large CSV file downloads by administrators
- Unusual outbound connections after CSV file access
SIEM Query:
source="wordpress" AND (event="csv_export" OR plugin="business-directory-plugin") AND user_role="author"
🔗 References
- https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/class-csv-exporter.php
- https://plugins.trac.wordpress.org/browser/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php
- https://plugins.trac.wordpress.org/changeset/3102475/business-directory-plugin/trunk/includes/admin/helpers/csv/class-csv-exporter.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=cve