3 matches found
CVE-2022-3393
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...
CVE-2022-3393 Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...
CVE-2022-3393
The CVE-2022-3393 entry covers a CSV injection flaw in the WordPress plugin Post to CSV by BestWebSoft, affecting versions 1.4.0 and earlier. Root cause: the plugin fails to properly escape fields during CSV export, enabling CSV injection. Impact: attacker-controlled CSV output could be crafted t...