Input validation
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's...
CVE-2022-4034 Appointment Hour Booking <= 1.3.72 - CSV Injection
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's...
CVE-2022-4034
The WordPress Appointment Hour Booking Plugin is affected by a CSV Injection vulnerability in versions up to and including 1.3.72. Unauthenticated attackers can embed untrusted input into booking content, which may be exported as a CSV file and opened on a vulnerable system, potentially resulting...
Code injection
A remote attacker with general user privilege can inject malicious code into the form content of the Raiden MAILD Mail Server website. When other users export the form content as a CSV file, this can trigger arbitrary code execution and allow the attacker to perform arbitrary system operations or disrupt service on the...
WP CSV Exporter < 1.3.7 - CSV Injection
The plugin does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability. - create a post using =5+5 as the title - export the data as CSV - open the CSV with a spreadsheet application (Excel, LibreOffice) - the CSV formula gets executed...
Appointment Hour Booking < 1.3.73 - CSV Injection
The plugin does not validate data when outputting it back in a CSV file, which could lead to CSV injection...
Team Johnlong software Raiden MAILD Mail Server Security Vulnerability
Team Johnlong software Raiden MAILD Mail Server is a mail server software from Team Johnlong software. A security vulnerability exists in Team Johnlong software Raiden MAILD Mail Server versions prior to v4.7.4. The vulnerability originates from the fact that a remote attacker with general user...
PT-2022-25353 · WordPress · Appointment Hour Booking Plugin
Name of the Vulnerable Software and Affected Versions: Appointment Hour Booking Plugin for WordPress versions up to, and including, 1.3.72 Description: The issue allows unauthenticated attackers to embed untrusted input into content during booking creation, which may be exported as a CSV file whe...
WordPress plugin Appointment Hour Booking Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A CSV injection vulnerabili...
WP CSV Exporter < 1.3.7 - CSV Injection
The plugin does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability. PoC - create a post using =5+5 as the title - export the data as CSV - open the CSV with a spreadsheet application (Excel, LibreOffice) - the CSV formula gets executed...
CVE-2022-3603
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...
Design/Logic Flaw
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...
CVE-2022-3603
The CVE-2022-3603 issue affects the WordPress plugin “Export customers list csv for WooCommerce” (and related WordPress export functionality). The vulnerability is due to lack of data validation when outputting data back into a CSV file, enabling CSV injection. Affected versions are prior to 2.0....
CVE-2022-3603 Export customers list CSV for WooCommerce < 2.0.69 - CSV Injection
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...
WordPress Contact Form 7 Database Addon plugin CSV Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A CSV injection vulnerabili...
Event Registration App CSV Injection Vulnerability
Event Registration App is a JavaScript application for registering event participants by Carlo Montero Personal Developer. A CSV injection vulnerability exists in Carlo Montero Event Registration App v1.0, which stems from improper use of the formula elements of the First Name, Contact, and Remar...
WordPress Easy Digital Downloads plugin CSV Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A CSV injection vulnerabili...
WordPress Contact Form 7 Database Addon Plugin < 1.2.6.5 CSV Injection Vulnerability