WordPress Plugin Vulnerabilities

Posts and Users Stats < 1.1.4 - Improper Neutralization of Formula Elements in a CSV File

Description

Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3.

Affects Plugins

Plugin icon
posts-and-users-stats
Fixed in 1.1.4

References

CVE
CVE-2022-44738

Classification

Type
CSV INJECTION
OWASP top 10
A1: Injection
CWE
CWE-1236

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
c673f2eb-3512-486e-aaee-6d729296d4b3

Timeline

Publicly Published
2023-11-07 (about 2 years ago)
Added
2023-11-07 (about 2 years ago)
Last Updated
2023-11-07 (about 2 years ago)

Other

Published
Title
Published
2020-12-18
Title
Ultimate SMS Notifications for WooCommerce < 1.4.2 - CSV Injection
Published
2022-10-21
Title
Contact Form Entries < 1.3.0 - CSV Injection
Published
2022-08-17
Title
Mobile Events Manager < 1.4.8 - Admin+ CSV Injection
Published
2021-06-21
Title
Sign-up Sheets < 1.0.14 - Authenticated CSV Injection
Published
2025-08-11
Title
AnWP Football Leagues < 0.16.18 - Authenticated (Administrator+) CSV Injection