WordPress Plugin Vulnerabilities

Export Users With Meta <= 0.6.10 - Subscriber+ CSV Injection

Description

The plugin does not validate data when output it back in a CSV file, which could lead to CSV injection

Affects Plugins

Plugin icon
user-export-with-their-meta-data
No known fix

References

CVE
CVE-2022-44577

Classification

Type
CSV INJECTION
OWASP top 10
A1: Injection
CWE
CWE-1236
CVSS
3.0 (low)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
1d16e0cd-3ac0-418d-90c0-6563dd4dd135

Timeline

Publicly Published
2022-11-17 (about 3 years ago)
Added
2022-11-18 (about 3 years ago)
Last Updated
2022-11-22 (about 3 years ago)

Other

Published
Title
Published
2022-05-18
Title
WP-CRM <= 1.2.1 - CSV Injection
Published
2022-10-17
Title
Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection
Published
2023-02-06
Title
Email Subscribers & Newsletters < 5.5.3 - Improper Neutralization of Formula Elements in a CSV File
Published
2025-07-10
Title
Broken Link Notifier < 1.3.1 - Authenticated (Contributor+) CSV Injection
Published
2021-01-25
Title
Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection