Lucene search
HistoryNov 21, 2022 - 11:15 a.m.
CVE-2022-3634
cve-2022-3634
contact form 7
database addon
wordpress plugin
csv injection
nvd
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.6%
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection
Affected configurations
Node
ciphercoincontact_form_7_database_addonRange<1.2.6.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ciphercoin | contact_form_7_database_addon | * | cpe:2.3:a:ciphercoin:contact_form_7_database_addon:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Contact Form 7 Database Addon",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.2.6.5"
}
],
"defaultStatus": "unaffected"
}
]Social References
More
Related
wpvulndb
wpvulndb
Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
2022-10-27 00:00:00
patchstack
patchstack
prion
prion
Design/Logic Flaw
2022-11-21 11:15:00
openvas
openvas
nvd
nvd
CVE-2022-3634
2022-11-21 11:15:20
cvelist
cvelist
CVE-2022-3634 Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
2022-11-21 00:00:00
cnvd
cnvd
WordPress Contact Form 7 Database Addon plugin CSV injection vulnerability
2022-11-23 00:00:00
wpexploit
wpexploit
Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
2022-10-27 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.6%
Related for CVE-2022-3634