2 matches found
CVE-2022-3558 Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files...
CVE-2022-3558
CVE-2022-3558 affects the WordPress plugin Import and export users and customers, prior to version 1.20.5. The vulnerability arises from improper escaping of data when exporting to CSV, which enables CSV injection. The issue is demonstrated by a PoC showing crafted data (e.g., nickname payload) e...