Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbFrancesco CarlucciWPVDB-ID:28ECDF61-E478-42C3-87C0-80A9912EADB2
HistoryNov 29, 2022 - 12:00 a.m.

WP CSV Exporter < 1.3.7 - CSV Injection

2022-11-2900:00:00
Francesco Carlucci
wpscan.com
20
plugin
csv exporter
data escaping
vulnerability
software
csv formula

EPSS

0.001

Percentile

26.6%

JSON

The plugin does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.

PoC

- create a post using =5+5 as the title - export the data as CSV - open the CSV with a spreadsheet application (Excel, Libre Office) - the CSV formula gets executed

Related

wpexploit 1
nvd 1
cvelist 1
prion 1
cve 1
wpexploit
wpexploit
WP CSV Exporter < 1.3.7 - CSV Injection
2022-11-29 00:00:00
nvd
nvd
CVE-2022-3605
2022-12-12 18:15:10
cvelist
cvelist
CVE-2022-3605 WP CSV Exporter < 1.3.7 - CSV Injection
2022-12-12 17:54:46
prion
prion
Input validation
2022-12-12 18:15:00
cve
cve
CVE-2022-3605
2022-12-12 18:15:10

EPSS

0.001

Percentile

26.6%

JSON
Related for WPVDB-ID:28ECDF61-E478-42C3-87C0-80A9912EADB2
wpexploit1nvd1cvelist1prion1cve1