WordPress Plugin Vulnerabilities

Simple History < 3.4.0 - Improper Neutralization of Formula Elements in a CSV File

Description

Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1.

Affects Plugins

Plugin icon
simple-history
Fixed in 3.4.0

References

CVE
CVE-2022-45350

Classification

Type
CSV INJECTION
OWASP top 10
A1: Injection
CWE
CWE-1236
CVSS
6.0 (medium)

Miscellaneous

Original Researcher
ed32.dll
Verified
No
WPVDB ID
00ec1379-a642-4757-a411-73d0fddad5c7

Timeline

Publicly Published
2023-02-02 (about 3 years ago)
Added
2023-11-07 (about 2 years ago)
Last Updated
2023-11-07 (about 2 years ago)

Other

Published
Title
Published
2022-10-03
Title
Post to CSV by BestWebSoft < 1.4.1 - Author+ CSV Injection
Published
2025-11-17
Title
Simple User Import Export <= 1.1.7 - Authenticated (Admin+) CSV Injection
Published
2023-11-07
Title
Export Users Data CSV < 2.2 - Improper Neutralization of Formula Elements in a CSV File
Published
2022-08-16
Title
Affiliates Manager < 2.9.14 - Affiliate CSV Injection
Published
2022-11-09
Title
Export customers list CSV for WooCommerce < 2.0.69 - CSV Injection