Lucene search
HistoryNov 07, 2022 - 10:15 a.m.
CVE-2022-3463
wordpress
contact form
csv injection
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
68.8%
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection
Affected configurations
Node
fluentformscontact_formRange<4.3.13wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fluentforms | contact_form | * | cpe:2.3:a:fluentforms:contact_form:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
CVE-2022-3463 FluentForm < 4.3.13 - CSV Injection
2022-11-07 00:00:00
wpexploit
wpexploit
FluentForm < 4.3.13 - CSV Injection
2022-10-17 00:00:00
openvas
openvas
WordPress Contact Form Plugin < 4.3.13 CSV Injection Vulnerability
2024-01-02 00:00:00
wpvulndb
wpvulndb
FluentForm < 4.3.13 - CSV Injection
2022-10-17 00:00:00
prion
prion
Design/Logic Flaw
2022-11-07 10:15:00
cve
cve
CVE-2022-3463
2022-11-07 10:15:11
patchstack
patchstack
WordPress FluentForm plugin <= 4.3.12 - CSV Injection vulnerability
2022-10-17 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
68.8%
Related for NVD:CVE-2022-3463