5 matches found
CVE-2022-3604
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2022-3604
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2022-3604
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2022-3604 Contact Form Entries < 1.3.0 - CSV Injection
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection...
CVE-2022-3604
CVE-2022-3604 affects the WordPress plugin Contact Form Entries prior to version 1.3.0. The issue is that data exported to CSV is not validated, which can lead to CSV injection via the exported file. A PoC demonstrates crafting a CSV lead value like =5+5 that, when opened in a spreadsheet, can ex...