Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitFrancesco CarlucciWPEX-ID:28ECDF61-E478-42C3-87C0-80A9912EADB2
HistoryNov 29, 2022 - 12:00 a.m.

WP CSV Exporter < 1.3.7 - CSV Injection

2022-11-2900:00:00
Francesco Carlucci
414
wordpress
csv exporter
security vulnerability
data export
formula injection

EPSS

0.001

Percentile

26.6%

JSON

The plugin does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.

- create a post using =5+5 as the title
- export the data as CSV
- open the CSV with a spreadsheet application (Excel, Libre Office)
- the CSV formula gets executed

Related

nvd 1
cvelist 1
wpvulndb 1
prion 1
cve 1
nvd
nvd
CVE-2022-3605
2022-12-12 18:15:10
cvelist
cvelist
CVE-2022-3605 WP CSV Exporter < 1.3.7 - CSV Injection
2022-12-12 17:54:46
wpvulndb
wpvulndb
WP CSV Exporter < 1.3.7 - CSV Injection
2022-11-29 00:00:00
prion
prion
Input validation
2022-12-12 18:15:00
cve
cve
CVE-2022-3605
2022-12-12 18:15:10

EPSS

0.001

Percentile

26.6%

JSON
Related for WPEX-ID:28ECDF61-E478-42C3-87C0-80A9912EADB2
nvd1cvelist1wpvulndb1prion1cve1