CVE-2023-23678 WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 2.2.5 is vulnerable to CSV Injection

2023-11-0715:48:28

CWE-1236

Patchstack

www.cve.org

wordpress

cookie notice

gdpr

ccpa

eprivacy

csv injection

wpekaclub

0.001 Low

EPSS

Percentile

19.4%

JSON

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "gdpr-cookie-consent",
    "product": "WP Cookie Consent ( for GDPR, CCPA & ePrivacy )",
    "vendor": "WPEkaClub",
    "versions": [
      {
        "changes": [
          {
            "at": "2.2.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.2.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/gdpr-cookie-consent/wordpress-wp-cookie-notice-for-gdpr-ccpa-eprivacy-consent-plugin-2-2-5-csv-injection-vulnerability?_s_id=cve

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for CVELIST:CVE-2023-23678