wpexploit | Francesco Carlucci | WPEX-ID:300EBFCD-C500-464E-B919-ACFEB72593DE
History: Oct 21, 2022 - 12:00 a.m.

Contact Form Entries < 1.3.0 - CSV Injection

2022-10-21 00:00:00
Francesco Carlucci
65
contact form 7
ninja forms
elementor forms
wp forms
csv injection
spreadsheet application
exploit

EPSS: 0.001 (Low)
Percentile: 21.7%

The plugin does not validate submitted data when it is written to a CSV export file, which could lead to CSV injection (formula injection) when the file is opened in a spreadsheet application.

- Submit a form (using Contact Form 7, Ninja Forms, Elementor Forms or WP Forms) using =5+5 as the value
- Export the data as CSV (/wp-admin/admin.php?page=vxcf_leads)
- Open the CSV with a spreadsheet application (Excel, LibreOffice)
- The CSV formula gets executed
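The fix for this class of bug sits at the export step: any cell that begins with a character a spreadsheet treats as a formula trigger must be neutralized before it is written. The following Python example is added here for illustration and is not code from the Contact Form Entries plugin; the entry data, field names and function names are constructed for the demonstration. It runs the page's own `=5+5` value through a hardened export routine and shows the neutralized output.

```python
import csv
import io

# Leading characters that make Excel / LibreOffice evaluate a cell as a formula.
# Tab and carriage return are included because some spreadsheet importers
# strip them and then evaluate what follows.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample data: the first row is benign, the second reuses the
# advisory's =5+5 payload and an @-prefixed function call.
FIELDNAMES = ["name", "message"]
SAMPLE_ENTRIES = [
    {"name": "Alice", "message": "Hello, thanks!"},
    {"name": "=5+5", "message": "@SUM(1,2)"},
]


def neutralize_cell(value):
    """Return `value` made safe for CSV output.

    A leading apostrophe forces spreadsheet applications to treat the cell
    as literal text instead of a formula. Leading whitespace is skipped
    when checking, since "  =1" is still evaluated by some importers.
    Non-string values (numbers, None) are returned unchanged.
    """
    if not isinstance(value, str):
        return value
    if value.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_entries(entries, fieldnames):
    """Serialize form entries to CSV text with every cell neutralized.

    QUOTE_ALL keeps commas, quotes and newlines inside a cell from
    breaking the row structure, which is a separate injection vector.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(
        buf, fieldnames=fieldnames, quoting=csv.QUOTE_ALL, lineterminator="\n"
    )
    writer.writeheader()
    for row in entries:
        writer.writerow({k: neutralize_cell(row.get(k, "")) for k in fieldnames})
    return buf.getvalue()


if __name__ == "__main__":
    # The =5+5 cell is emitted as '=5+5 and shows as text when opened.
    print(export_entries(SAMPLE_ENTRIES, FIELDNAMES))
```

The trade-off is that legitimate values beginning with `+` or `-` (a phone number written as `+44...`, a negative amount stored as text) also receive the apostrophe; that is the accepted cost, since the export cannot tell a phone number from a formula. Applying the check on export rather than on submission also covers entries that were stored before the fix was deployed.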

