CVE-2022-3393

🗓️ 25 Oct 2022 00:00:00Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 66 Views🌐 WEB

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2022-3393	25 Oct 202220:26	–	circl
CNNVD	WordPress plugin Post to CSV by BestWebSoft 安全漏洞	25 Oct 202200:00	–	cnnvd
CNVD	WordPress Post to CSV by BestWebSoft CSV Injection Vulnerability	28 Oct 202200:00	–	cnvd
Cvelist	CVE-2022-3393 Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection	25 Oct 202200:00	–	cvelist
EUVD	EUVD-2022-42770	3 Oct 202520:07	–	euvd
NVD	CVE-2022-3393	25 Oct 202217:15	–	nvd
OSV	CVE-2022-3393	25 Oct 202217:15	–	osv
Patchstack	WordPress Post to CSV by BestWebSoft plugin <= 1.4.0 - Authenticated CSV Injection vulnerability	3 Oct 202200:00	–	patchstack
Prion	Design/Logic Flaw	25 Oct 202217:15	–	prion
Positive Technologies	PT-2022-21919 · Bestwebsoft · Post To Csv	25 Oct 202200:00	–	ptsecurity

NVD

Vulners

Node

bestwebsoft post_to_csvRange≤1.4.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "Post to CSV by BestWebSoft",
    "versions": [
      {
        "version": "1.4.0",
        "status": "affected",
        "lessThanOrEqual": "1.4.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/689b4c42-c516-4c57-8ec7-3a6f12a3594e

Parameter	Position	Path	Description	CWE
title	request body	/wp-admin/admin.php?page=post-to-csv.php	CSV injection vulnerability during export due to unescaped fields in the Post to CSV plugin	CWE-1236

07 May 2025 14:15Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8

EPSS0.02281

SSVC

CWE-1236