WordPress Plugin Vulnerabilities

Export Post Info < 1.2.1 - Author+ CSV Injection

Description

The plugin does not validate data when its output in a CSV file, which could lead to CSV injection

Affects Plugins

Plugin icon
export-post-info
Fixed in 1.2.1

References

CVE
CVE-2022-38061

Classification

Type
CSV INJECTION
OWASP top 10
A1: Injection
CWE
CWE-1236
CVSS
6.2 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
30d11996-a017-4908-80df-3115e3c9aa02

Timeline

Publicly Published
2022-09-22 (about 3 years ago)
Added
2022-09-25 (about 3 years ago)
Last Updated
2022-09-25 (about 3 years ago)

Other

Published
Title
Published
2022-06-29
Title
Exports and Reports < 0.9.2 - Contributor+ CSV Injection
Published
2022-11-09
Title
Export customers list CSV for WooCommerce < 2.0.69 - CSV Injection
Published
2022-10-18
Title
WPForms Pro < 1.7.7 - CSV Injection
Published
2025-07-10
Title
Broken Link Notifier < 1.3.1 - Authenticated (Contributor+) CSV Injection
Published
2020-01-08
Title
WP Users Exporter <= 1.4.2 - CSV Injection