Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2022-2429
HistorySep 06, 2022 - 6:15 p.m.

Input validation

2022-09-0618:15:00
PRIOn knowledge base
www.prio-n.com
11
ultimate sms notifications
woocommerce plugin
csv injection
wordpress
export utility
authenticated attackers
billing information
code execution
nvd

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the ‘Export Utility’ functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing information like their First Name that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

Related

nvd 1
cvelist 1
cve 1
patchstack 1
nvd
nvd
CVE-2022-2429
2022-09-06 18:15:13
cvelist
cvelist
CVE-2022-2429 Ultimate SMS Notifications for WooCommerce <= 1.4.1 - CSV Injection
2022-09-06 17:18:56
cve
cve
CVE-2022-2429
2022-09-06 18:15:13
patchstack
patchstack
WordPress Ultimate SMS Notifications for WooCommerce plugin <= 1.4.1 - CSV Injection vulnerability
2022-08-29 00:00:00

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON
Related for PRION:CVE-2022-2429
nvd1cvelist1cve1patchstack1