CVE-2022-46801 WordPress Site Reviews Plugin <= 6.2.0 is vulnerable to CSV Injection

2023-11-0716:11:31

CWE-1236

Patchstack

www.cve.org

wordpress

site reviews plugin

6.2.0

csv injection

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "site-reviews",
    "product": "Site Reviews",
    "vendor": "Paul Ryley",
    "versions": [
      {
        "changes": [
          {
            "at": "6.4.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.2.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]