Vulnerabilities > CVE-2022-1202 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Usabilitydynamics Wp-Crm 1.2.1

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

usabilitydynamics

CWE-1236

NVD

Published: 2022-06-13

Updated: 2022-06-17

Summary

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Usabilitydynamics Usabilitydynamics WP CRM - Usabilitydynamics WP CRM 1.2.1	2

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a