2 matches found
CVE-2022-45370
The CVE CVE-2022-45370 concerns the WebToffee WordPress Comments Import & Export plugin (versions 2.3.1 and earlier). The issue is an improper neutralization of formula elements in CSV files (CSV Injection) when importing/exporting comments, allowing unauthenticated attackers to craft CSV payload...
CVE-2018-11526
CVE-2018-11526 affects the WordPress plugin Comments Import & Export (versions 2.0.4 and earlier). The vulnerability is a CSV injection flaw in the plugin when exporting data, enabling an attacker to inject commands via form fields. Public PoCs and exploit resources describe a remote command exec...