WordPress Plugin Vulnerabilities

WP CSV Exporter < 1.3.7 - CSV Injection

Description

The plugin does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.

Proof of Concept

- create a post using =5+5 as the title
- export the data as CSV
- open the CSV with a spreadsheet application (Excel, Libre Office)
- the CSV formula gets executed

Affects Plugins

Plugin icon
wp-csv-exporter
Fixed in 1.3.7

References

CVE
CVE-2022-3605

Classification

Type
CSV INJECTION
OWASP top 10
A1: Injection
CWE
CWE-1236
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Francesco Carlucci
Submitter
Francesco Carlucci
Submitter website
https://carluc.ci
Submitter twitter
francecarlucci
Verified
Yes
WPVDB ID
28ecdf61-e478-42c3-87c0-80a9912eadb2

Timeline

Publicly Published
2022-11-29 (about 1 years ago)
Added
2022-11-21 (about 1 years ago)
Last Updated
2022-11-21 (about 1 years ago)

Other

Published
Title
Published
2021-11-03
Title
Visual Form Builder < 3.0.6 - CSV Injection
Published
2022-10-21
Title
Contact Form Entries < 1.3.0 - CSV Injection
Published
2023-11-07
Title
Export Users Data CSV < 2.2 - Improper Neutralization of Formula Elements in a CSV File
Published
2021-01-25
Title
Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection
Published
2020-11-20
Title
Easy Registration Forms <= 2.0.6 - CSV Injection