8
CVE-2022-3558
- EPSS 0.99%
- Veröffentlicht 07.11.2022 10:15:12
- Zuletzt bearbeitet 01.05.2025 20:15:34
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginImport and export users and customers < 1.20.5 - Subscriber+ CSV Injection
Import and export users and customers <= 1.20.4 - Authenticated (Subscriber+) CSV Injection
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.
Mögliche Gegenmaßnahme
Import and export users and customers: Update to version 1.20.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Codection ≫ Import And Export Users And Customers SwPlatformwordpress Version < 1.20.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Import and export users and customers
Version
*-1.20.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.99% | 0.579 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-1236 Improper Neutralization of Formula Elements in a CSV File
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
https://plugins.trac.wordpress.org/changeset?new=2798139%40import-users-from-csv-with-meta&old=2785785%40import-users-from-csv-with-meta
https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-876e26abdfc6
https://www.wordfence.com/threat-intel/vulnerabilities/id/50ac32ed-f83c-4afc-aac2-a79c69497091