Lucene search
K

5079 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:7 p.m.7 views

CVE-2022-3600

The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection...

9.8CVSS6.6AI score0.01218EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 11:2 p.m.7 views

CVE-2022-3574

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection...

9.8CVSS6.8AI score0.01318EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:57 p.m.7 views

CVE-2022-3249

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks...

7.2CVSS7.3AI score0.0097EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:49 p.m.6 views

CVE-2022-45360

Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails.This issue affects Commenter Emails: from n/a through 2.6.1...

9.8CVSS8.5AI score0.00611EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 p.m.8 views

CVE-2022-3026

The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that...

8.8CVSS7AI score0.01053EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:44 p.m.5 views

CVE-2022-29315

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...

9.3CVSS7.3AI score0.01393EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:41 p.m.5 views

CVE-2022-28481

CSV-Safe gem 3.0.0 doesn't filter out special characters which could trigger CSV Injection...

9.8CVSS6.8AI score0.01679EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:39 p.m.7 views

CVE-2022-2798

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data...

8CVSS7AI score0.0095EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 p.m.9 views

CVE-2022-22425

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598."...

9.8CVSS7.3AI score0.01089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:18 p.m.7 views

CVE-2022-1539

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks...

8.8CVSS6.7AI score0.01189EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:13 p.m.5 views

CVE-2022-1470

The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.5AI score0.00739EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.7 views

CVE-2022-1566

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CS...

4.8CVSS6AI score0.0064EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 p.m.8 views

CVE-2022-3463

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection...

9.8CVSS6.6AI score0.01231EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 p.m.5 views

CVE-2022-3605

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability...

7.8CVSS7AI score0.0041EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 p.m.6 views

CVE-2022-3393

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...

9.8CVSS6.6AI score0.01279EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:5 p.m.8 views

CVE-2022-1255

The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues...

4.8CVSS6AI score0.00689EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:58 p.m.11 views

CVE-2022-44738

Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3...

8.8CVSS8AI score0.00823EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:54 p.m.12 views

CVE-2022-2429

The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing...

8CVSS7AI score0.00653EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:52 p.m.17 views

CVE-2022-47442

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...

8.8CVSS8AI score0.00682EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:44 p.m.5 views

CVE-2022-45810

Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a throu...

9.8CVSS8.5AI score0.00629EPSS
Exploits0References1
Rows per page
Query Builder