Lucene search
WPScanCVE-2022-3605HistoryDec 12, 2022 - 6:15 p.m.
CVE-2022-3605
2022-12-1218:15:10
WPScan
web.nvd.nist.gov
39
wp csv exporter
wordpress
plugin
cve-2022-3605
csv injection
vulnerability
nvd
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
26.6%
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.
Affected configurations
Node
wp_csv_exporter_projectwp_csv_exporterRange<1.3.7wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wp_csv_exporter_project | wp_csv_exporter | * | cpe:2.3:a:wp_csv_exporter_project:wp_csv_exporter:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP CSV Exporter",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.3.7"
}
],
"defaultStatus": "unaffected"
}
]Related
wpexploit
wpexploit
WP CSV Exporter < 1.3.7 - CSV Injection
2022-11-29 00:00:00
cvelist
cvelist
CVE-2022-3605 WP CSV Exporter < 1.3.7 - CSV Injection
2022-12-12 17:54:46
wpvulndb
wpvulndb
WP CSV Exporter < 1.3.7 - CSV Injection
2022-11-29 00:00:00
nvd
nvd
CVE-2022-3605
2022-12-12 18:15:10
prion
prion
Input validation
2022-12-12 18:15:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
26.6%
Related for CVE-2022-3605