CWE-1236

CVE-2022-3634

February 23, 2023 by godfreyd94

The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.

CVE-2022-3605

February 23, 2023 by godfreyd94

The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.

CVE-2022-3600

February 23, 2023 by godfreyd94

The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.

CVE-2022-3574

February 23, 2023 by godfreyd94

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection.

CVE-2022-3558

February 23, 2023 by godfreyd94

The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.