CVE-2022-1539

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks.
References
Configurations

Configuration 1

cpe:2.3:a:exports_and_reports_project:exports_and_reports:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-07-25 01:15

Updated : 2022-07-29 05:10


NVD link : CVE-2022-1539

Mitre link : CVE-2022-1539

Products Affected
No products.
CWE
CWE-1236

Improper Neutralization of Formula Elements in a CSV File