CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-40476

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.00446EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:3 a.m.•4 views

CVE-2023-36527

Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0...

8.8CVSS8.5AI score0.00446EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:7 p.m.•2 views

CVE-2022-3393

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...

9.8CVSS6.6AI score0.02281EPSS

Exploits2References1

OSV•added 2023/11/07 4:15 p.m.•0 views

CVE-2023-36527

Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0...

8.8CVSS5.8AI score0.00446EPSS

Exploits0References1

NVD•added 2023/11/07 4:15 p.m.•10 views

CVE-2023-36527

Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0...

8.8CVSS0.00446EPSS

Exploits0References1

ATTACKERKB•added 2023/11/07 4:15 p.m.•2 views

CVE-2023-36527

A vulnerability in bestweblayout Post to CSV by BestWebSoft post-to-csv.This issue affects Post to CSV by BestWebSoft: from n/a through = 1.4.0...

8.8CVSS8.5AI score0.00446EPSS

Exploits0References3

CVE•added 2023/11/07 4:4 p.m.•30 views

CVE-2023-36527

CVE-2023-36527 affects the WordPress plugin Post to CSV by BestWebSoft. The vulnerability stems from improper neutralization of formula elements in CSV files, enabling CSV injection. Affected versions are

8.8CVSS8.5AI score0.00446EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2023/11/07 12:0 a.m.•2 views

PT-2023-25610 · Bestwebsoft · Post To Csv

Name of the Vulnerable Software and Affected Versions: BestWebSoft Post to CSV versions 1.4.0 and earlier Description: The issue is related to the improper neutralization of formula elements in a CSV file. This can potentially lead to unintended actions when the CSV file is opened or processed...

8.8CVSS9.3AI score0.00446EPSS

Exploits0References3

Patchstack•added 2023/06/27 12:0 a.m.•9 views

WordPress Post to CSV by BestWebSoft Plugin <= 1.4.0 is vulnerable to CSV Injection

Software Post to CSV by BestWebSoft Type Plugin Vulnerable versions = 1.4.0 Fixed in 1.4.1 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-36527 Patch priority Low CVSS severity Low 4.7 Developer Claim ownership PSID 7da5ccbd6441 Credits Mika Required privilege Author Publish...

8.8CVSS6.8AI score0.00446EPSS

Exploits0References2Affected Software1

NVD•added 2022/10/25 5:15 p.m.•7 views

CVE-2022-3393

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...

9.8CVSS0.02281EPSS

Exploits2References1

OSV•added 2022/10/25 5:15 p.m.•1 views

CVE-2022-3393

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...

9.8CVSS5.8AI score0.02281EPSS

Exploits2References1

Cvelist•added 2022/10/25 12:0 a.m.•12 views

CVE-2022-3393 Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...

9.7AI score0.02281EPSS

Exploits2References1

Vulnrichment•added 2022/10/25 12:0 a.m.•4 views

CVE-2022-3393 Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...

9.6AI score0.02281EPSS

Exploits2References1

CVE•added 2022/10/25 12:0 a.m.•67 views

CVE-2022-3393

The CVE-2022-3393 entry covers a CSV injection flaw in the WordPress plugin Post to CSV by BestWebSoft, affecting versions 1.4.0 and earlier. Root cause: the plugin fails to properly escape fields during CSV export, enabling CSV injection. Impact: attacker-controlled CSV output could be crafted t...

9.8CVSS9.7AI score0.02281EPSS

Exploits2References1Affected Software1

CNNVD•added 2022/10/25 12:0 a.m.•1 views

WordPress plugin Post to CSV by BestWebSoft 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...

9.8CVSS7.2AI score0.02281EPSS

Exploits2References2

Patchstack•added 2022/10/03 12:0 a.m.•20 views

WordPress Post to CSV by BestWebSoft plugin <= 1.4.0 - Authenticated CSV Injection vulnerability

Authenticated CSV Injection vulnerability discovered by Francesco Carlucci in WordPress Post to CSV by BestWebSoft plugin versions = 1.4.0. Solution Deactivate and delete. This plugin has been closed as of September 28, 2022 and is not available for download. This closure is temporary, pending a...

9.8CVSS2.5AI score0.02281EPSS

Exploits2References1Affected Software1

wpexploit•added 2022/10/03 12:0 a.m.•352 views

Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection

The plugin does not properly escape fields when exporting data as CSV, leading to a CSV injection - create a post using =5+5 as the title - export the data as CSV /wp-admin/admin.php?page=post-to-csv.php - open the CSV with a spreadsheet application Excel, Libre Office - the CSV formula gets...

9.8CVSS0.4AI score0.02281EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by