Title: Droogs's Replies | WordPress.org

---

# Droogs

## Forum Replies Created

Viewing 13 replies - 1 through 13 (of 13 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Converter for Media - Optimize images | Convert WebP & AVIF] Image Tagging](https://wordpress.org/support/topic/image-tagging/)
 *  Thread Starter [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [3 years, 2 months ago](https://wordpress.org/support/topic/image-tagging/#post-16584809)
 * [https://www.w3.org/WAI/tutorials/images/decorative/](https://www.w3.org/WAI/tutorials/images/decorative/)
 * When we ADA tag everything there are decorative images that don’t need a tag 
   because they are purely for show and don’t need explanation. By tagging them 
   as decorative the accessibility readers skip them for the ADA user.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[TablePress - Tables in WordPress made easy] WordFence Alerts Critical for Vulenrability](https://wordpress.org/support/topic/wordfence-alerts-critical-for-vulenrability/)
 *  [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/wordfence-alerts-critical-for-vulenrability/page/5/#post-16114636)
 * Thanks for reaching out! We are not incorrectly flagging the vulnerability; the
   CVE is explicitly assigned to TablePress, CVE-2019-20180, and does not apply
   to all text editors/spreadsheet software in general. Here is the original public
   disclosure link from back in 2019: [https://medium.com/@Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8](https://medium.com/@Pablo0xSantiago/cve-2019-20180-tablepress-version-1-9-2-csv-injection-65309fcc8be8).
 * I have tried to work with Tobias from TablePress to explain the inherent risks
   of leaving such a vulnerability in his plugin; however, he disagrees on responsibility,
   pointing the blame at CSV software rather than providing a patch in his plugin.
   At this point we have not been able to come to terms with the developer. Since
   this vulnerability has a CVE, and we deem it as a security risk based on industry
   standards, we will not be removing the vulnerability from our vulnerability database
   which returns scan results. The plugin will show up as unpatched until the developer
   has patched the vulnerability.
 * Just to share more details, TablePress has a CSV Injection vulnerability, which
   is a vulnerability that occurs when a software allows formulas to be injected
   into CSV files created by the software. Please see CWE [https://cwe.mitre.org/data/definitions/1236.html](https://cwe.mitre.org/data/definitions/1236.html).
   When exporting tables from TablePress there is no neutralization of any formulas
   that have been added to a table which is what creates the CSV Injection vulnerability.
   This means a user with access to TablePress, such as an Editor, can inject CSV
   formulas into a table and if another victim, such as a site’s administrator, 
   exports the table and opens it in a CSV software such as Excel or Google Sheets
   then that formula will run. These formulas can be used to achieve code execution
   on the victim machine or exfiltrate information from the CSV software.
 * Please be aware that it is a very minimal security risk as there are many steps
   to exploitation and it is unlikely to be seen exploited in the wild. However,
   that doesn’t eliminate the fact that it is a security risk and the developer 
   can do something about it.
 * Thanks and have a great day!
 * Chloe Chamberland
    Wordfence Threat Intelligence Lead
    M.S. Cybersecurity and Information Assurance
    OSCP | OSWP | OSWE | eWPT | C|EH | E|CSA | CHFI | Security+ | CySA+ | PenTest+ | CASP+ | SSCP | CISSP | AWS CCP | AWS SAA | AWS Security Specialty
    Defiant Inc[defiant.com]. The people behind… Wordfence – Security for WordPress Websites
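
The neutralization on export that the reply above says is missing could look like the following. This is an added example, not part of the original post and not TablePress or Wordfence code; the function names and the sample table are constructed for illustration.

```php
<?php
// Added example: not TablePress or Wordfence code. Function names are hypothetical.

/** Return the cell in a form spreadsheet software will treat as plain text. */
function neutralize_csv_cell(string $cell): string
{
    // Plain numbers such as "-5" or "+1.5" are data, not formulas; keep them intact.
    if (is_numeric($cell)) {
        return $cell;
    }
    // Importers may skip leading whitespace, so test the first visible character too.
    $trimmed = ltrim($cell);
    $first   = $cell === '' ? '' : $cell[0];
    $visible = $trimmed === '' ? '' : $trimmed[0];
    if (in_array($first, ["\t", "\r"], true) || in_array($visible, ['=', '+', '-', '@'], true)) {
        // A leading apostrophe is the prefix OWASP's CSV Injection guidance recommends.
        return "'" . $cell;
    }
    return $cell;
}

/** Build the CSV export with every cell neutralized and properly quoted. */
function export_table_csv(array $rows): string
{
    $fh = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        $safe = array_map('neutralize_csv_cell', array_map('strval', $row));
        // fputcsv handles embedded commas, quotes and newlines; '' disables the escape char.
        fputcsv($fh, $safe, ',', '"', '');
    }
    rewind($fh);
    $csv = stream_get_contents($fh);
    fclose($fh);
    return $csv;
}

// Constructed sample table: benign formulas stand in for cells entered by an Editor.
$table = [
    ['Item', 'Qty', 'Note'],
    ['Widget', '-5', '=SUM(B2:B9)'],
    ['Gadget', '12', ' @SUM(1,1)'],
    ['Support', '+1 555 0100', 'plain text'],
];
echo export_table_csv($table);
```

The numeric value `-5` is exported unchanged, while the formula cells and the `+`-prefixed phone number gain a leading apostrophe so the spreadsheet shows them as text.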
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[TablePress - Tables in WordPress made easy] WordFence Alerts Critical for Vulenrability](https://wordpress.org/support/topic/wordfence-alerts-critical-for-vulenrability/)
 *  [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/wordfence-alerts-critical-for-vulenrability/page/5/#post-16114546)
 * We have been in contact with the plugin author that the vulnerability we have
   found is valid and correct so we will continue to mark it as such in scans until
   they patch the vulnerability.
 * Kind regards,
 * Phil
    Customer Support Engineer
 * Wordfence – Security for WordPress Websites
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[TablePress - Tables in WordPress made easy] WordFence Alerts Critical for Vulenrability](https://wordpress.org/support/topic/wordfence-alerts-critical-for-vulenrability/)
 *  [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/wordfence-alerts-critical-for-vulenrability/page/5/#post-16113610)
 * You are the best!!!!!!!!!!
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[TablePress - Tables in WordPress made easy] Using aria-labelledby and aria-describedby](https://wordpress.org/support/topic/using-aria-labelledby-and-aria-describedby-2/)
 *  Thread Starter [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [3 years, 10 months ago](https://wordpress.org/support/topic/using-aria-labelledby-and-aria-describedby-2/#post-15836585)
 * The ARIA errors on this page appear legitimate. The tables have
   aria-describedby="tablepress-30-description" attributes, but there are no elements
   in the page with id="tablepress-30-description". This creates a broken relationship and a
   description that is not present for the tables, thus the WAVE errors.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Max Mega Menu] More than one Moblie Menu link on a row](https://wordpress.org/support/topic/more-than-one-moblie-menu-link-on-a-row/)
 *  Thread Starter [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [7 years, 1 month ago](https://wordpress.org/support/topic/more-than-one-moblie-menu-link-on-a-row/#post-11504868)
 * done thanks
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Max Mega Menu] More than one Moblie Menu link on a row](https://wordpress.org/support/topic/more-than-one-moblie-menu-link-on-a-row/)
 *  Thread Starter [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [7 years, 1 month ago](https://wordpress.org/support/topic/more-than-one-moblie-menu-link-on-a-row/#post-11504328)
 * certifiedfed.com
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Error runnin scan](https://wordpress.org/support/topic/error-runnin-scan/)
 *  Thread Starter [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/error-runnin-scan/#post-10899961)
 * If I need to change permissions, where and to what?
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Error runnin scan](https://wordpress.org/support/topic/error-runnin-scan/)
 *  Thread Starter [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [7 years, 6 months ago](https://wordpress.org/support/topic/error-runnin-scan/#post-10899927)
 * I have unchecked the Scan files outside your WordPress installation and still
   no luck.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[ReCaptcha Integration for WordPress] Conflict with Gravity forms Recaptcha](https://wordpress.org/support/topic/conflict-with-gravity-forms-recaptcha/)
 *  Thread Starter [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/conflict-with-gravity-forms-recaptcha/#post-7582053)
 * The plugin has an enable/disable feature depending on the login status of the
   user. I noticed if I was logged in, the recaptcha would work, but if I were logged
   out it would not appear. So I think this feature of the plugin is causing conflicts
   when Gravity Forms is trying to show a recaptcha.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[wp2pgpmail] Bunched upo output](https://wordpress.org/support/topic/bunched-upo-output/)
 *  Thread Starter [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [12 years, 6 months ago](https://wordpress.org/support/topic/bunched-upo-output/#post-4323520)
 * How is the update coming?
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[TablePress - Tables in WordPress made easy] Centering the contents of a cell](https://wordpress.org/support/topic/centering-the-contents-of-a-cell/)
 *  Thread Starter [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/centering-the-contents-of-a-cell/#post-4246184)
 * [http://tablepress.org/demo/](http://tablepress.org/demo/)
 * If you go to the demo site you have. We are trying to center the contents under
   the header. In the first table you have, the numbers in the cells under the header
   are left justified. We are trying to center them. Please help.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[TablePress - Tables in WordPress made easy] Centering the contents of a cell](https://wordpress.org/support/topic/centering-the-contents-of-a-cell/)
 *  Thread Starter [Droogs](https://wordpress.org/support/users/droogs/)
 * (@droogs)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/centering-the-contents-of-a-cell/#post-4246182)
 * Do you have a private email address I can send the link to?
