Lucene search
HistoryNov 21, 2022 - 11:15 a.m.
CVE-2022-3634
wordpress
plugin
validation
csv injection
security vulnerability
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
61.5%
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection
Affected configurations
Node
ciphercoincontact_form_7_database_addonRange<1.2.6.5wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ciphercoin | contact_form_7_database_addon | * | cpe:2.3:a:ciphercoin:contact_form_7_database_addon:*:*:*:*:*:wordpress:*:* |
Related
prion
prion
Design/Logic Flaw
2022-11-21 11:15:00
openvas
openvas
wpexploit
wpexploit
Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
2022-10-27 00:00:00
cve
cve
CVE-2022-3634
2022-11-21 11:15:20
cnvd
cnvd
WordPress Contact Form 7 Database Addon plugin CSV injection vulnerability
2022-11-23 00:00:00
cvelist
cvelist
CVE-2022-3634 Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
2022-11-21 00:00:00
wpvulndb
wpvulndb
Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
2022-10-27 00:00:00
patchstack
patchstack
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
61.5%
Related for NVD:CVE-2022-3634