Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
The plugin does not validate data when outputting it back in a CSV file, which could lead to CSV injection. PoC: Use a Contact Form 7 form and submit an Excel formula in the message field, such as "=5+5" without quotes. Export the entry as CSV using the plugin and import it into Excel...
Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
The plugin does not validate data when outputting it back in a CSV file, which could lead to CSV injection. Use a Contact Form 7 form and submit an Excel formula in the message field, such as "=5+5" without quotes. Export the entry as CSV using the plugin and import it into Excel...
WordPress Contact Form 7 Database Addon plugin <= 1.2.6.3 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Adel Bouaricha in WordPress Contact Form 7 Database Addon plugin versions <= 1.2.6.3. Solution: Update the WordPress Contact Form 7 Database Addon plugin to the latest available version, at least 1.2.6.5...
CVE-2022-3393
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...
Design/Logic Flaw
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...
Consensys: CSV Injection at https://assets-paris-demo.codefi.network/
Summary: Hi Consensys Security Team. I have found CSV Injection when generating a report at https://assets-paris-demo.codefi.network/. CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as Microsoft Excel or...
PT-2022-21919 · Bestwebsoft · Post To Csv
Name of the Vulnerable Software and Affected Versions: Post to CSV by BestWebSoft WordPress plugin versions 1.4.0 and earlier Description: The issue arises from the plugin's failure to properly escape fields when exporting data as CSV, leading to a CSV injection. Recommendations: For Post to CSV ...
WordPress plugin Post to CSV by BestWebSoft security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A CSV injection vulnerabili...
CVE-2022-3393 Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...
CVE-2022-3393
The CVE-2022-3393 entry covers a CSV injection flaw in the WordPress plugin Post to CSV by BestWebSoft, affecting versions 1.4.0 and earlier. Root cause: the plugin fails to properly escape fields during CSV export, enabling CSV injection. Impact: attacker-controlled CSV output could be crafted t...
Contact Form Entries < 1.3.0 - CSV Injection
The plugin does not validate data when it is output in a CSV file, which could lead to CSV injection. PoC: - Submit a form using Contact Form 7, Ninja Forms, Elementor Forms or WP Forms using =5+5 as the value - Export the data as CSV /wp-admin/admin.php?page=vxcfleads - Open the CSV with a...
Contact Form Entries < 1.3.0 - CSV Injection
The plugin does not validate data when it is output in a CSV file, which could lead to CSV injection. - Submit a form using Contact Form 7, Ninja Forms, Elementor Forms or WP Forms using =5+5 as the value - Export the data as CSV /wp-admin/admin.php?page=vxcfleads - Open the CSV with a spreadsheet...
The vulnerability in the implementation of the Export Utility function of the Ultimate SMS Notifications plugin for WooCommerce, a content management system for WordPress websites, allows a hacker to perform cross-site scripting attacks.
The vulnerability of the Export Utility function implementation in the Ultimate SMS Notifications plugin for WooCommerce, a content management system for WordPress websites, is related to the absence of a mechanism to neutralize elements in the CSV file. Exploiting this vulnerability could allow ...
Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection
The plugin does not properly escape data when exporting it via CSV files. PoC: 1. Edit your subscriber account's nickname to: ;=1+3 2. As an administrator, export your users' data via http://vulnerable-site.tld/wp-admin/tools.php?page=acui=export, and open the resulting CSV file in Excel or equivalen...
CVE-2022-3244
CVE-2022-3244 pertains to the WordPress plugin “Import all XML, CSV & TXT”. Affected versions are prior to 6.5.8, with a lack of authorization in certain areas that could allow any authenticated user to access some plugin features if they obtain the related nonce. This is a post-authentication is...
WordPress FluentForm plugin <= 4.3.12 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Francesco Carlucci in WordPress FluentForm plugin versions <= 4.3.12. Solution: Update the WordPress Contact Form Plugin plugin to the latest available version, at least 4.3.13...
FluentForm < 4.3.13 - CSV Injection
The plugin does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection. PoC: - As unauthenticated, submit a form using =5+5 as value in any field - As admin, export the data as CSV /wp-admin/admin.php?page=fluentformsid=1=entries - Open the CSV with a...
CVE-2022-3243 Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi
The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back in SQL statements, leading to SQL injection exploitable by high privilege users such as admin...