CVE-2022-0142

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
Configurations

Configuration 1

cpe:2.3:a:vfbpro:visual_form_builder:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-04-12 12:15

Updated : 2022-06-13 01:15


NVD link : CVE-2022-0142

Mitre link : CVE-2022-0142

Products Affected
No products.
CWE
CWE-1236

Improper Neutralization of Formula Elements in a CSV File