7.2
CVE-2022-45078
- EPSS 0.69%
- Veröffentlicht 07.11.2023 17:15:07
- Zuletzt bearbeitet 28.04.2026 19:18:57
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress User Blocker Plugin <= 1.5.5 is vulnerable to CSV Injection
User Blocker <= 1.5.5 - Authenticated (Admin+) CSV Injection
Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker.This issue affects User Blocker: from n/a through 1.5.5.
Mögliche Gegenmaßnahme
User Blocker: Update to version 1.5.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Solwininfotech ≫ User Blocker SwPlatformwordpress Version <= 1.5.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
User Blocker
Version
*-1.5.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.69% | 0.479 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 5.9 | 1.7 | 3.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
|
CWE-1236 Improper Neutralization of Formula Elements in a CSV File
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
https://patchstack.com/database/vulnerability/user-blocker/wordpress-user-blocker-plugin-1-5-5-auth-csv-injection-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ee6dedb-72bc-43b0-a7cb-9069533df705