Design/Logic Flaw

CSV Injection vulnerability in Activity Log Team Activity Log = 2.8.3 on WordPress...

CVE-2022-27858

CVE-2022-27858 refers to a CSV injection vulnerability in the WordPress plugin Activity Log (Team Activity Log) versions ≤ 2.8.3. The weakness stems from the plugin not validating data before exporting to CSV, enabling injection in CSV fields. Impact is described as CSV injection; remediation is ...