WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

FluentForm < 4.3.13 - CSV Injection

Description

The plugin does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection

Proof of Concept

- As unauthenticated, submit a form using =5+5 as value in any field

- As admin, export the data as CSV (/wp-admin/admin.php?page=fluent_forms&form_id=1&route=entries)
- open the CSV with a spreadsheet application (Excel, Libre Office)
- the CSV formula gets executed

Affects Plugins

fluentform
Fixed in version 4.3.13

References

CVE
CVE-2022-3463

Classification

Type

CSV INJECTION

OWASP top 10
A1: Injection
CWE
CWE-1236

Miscellaneous

Original Researcher

Francesco Carlucci

Submitter

Francesco Carlucci

Submitter website
https://carluc.ci/
Submitter twitter
francecarlucci
Verified

Yes

WPVDB ID
e2a59481-db45-4b8e-b17a-447303469364

Timeline

Publicly Published

2022-10-17 (about 7 months ago)

Added

2022-10-17 (about 7 months ago)

Last Updated

2022-10-17 (about 7 months ago)

Our Other Services

WPScan WordPress Security Plugin