CVE-2022-3605

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
wp_csv_exporter_projectwp_csv_exporter
𝑥
< 1.3.7
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/28ecdf61-e478-42c3-87c0-80a9912eadb2
https://wpscan.com/vulnerability/28ecdf61-e478-42c3-87c0-80a9912eadb2