Vulnerabilities > CVE-2022-1202 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Usabilitydynamics Wp-Crm 1.2.1

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

usabilitydynamics

CWE-1236

NVD

Published: 2022-06-13

Updated: 2022-06-17

Summary

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Usabilitydynamics Usabilitydynamics WP CRM - Usabilitydynamics WP CRM 1.2.1	2

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a