Vulnerabilities > CVE-2022-1539 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Exports and Reports Project Exports and Reports

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

exports-and-reports-project

CWE-1236

NVD

Published: 2022-07-25

Updated: 2022-07-29

Summary

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks.

Vulnerable Configurations

Part	Description	Count
Application	Exports_And_Reports_Project Exports AND Reports Project Exports AND Reports 0.2 Exports AND Reports Project Exports AND Reports 0.3.2 Exports AND Reports Project Exports AND Reports 0.3.3 Exports AND Reports Project Exports AND Reports 0.4.2 Exports AND Reports Project Exports AND Reports 0.5.1 Exports AND Reports Project Exports AND Reports 0.5.2 Exports AND Reports Project Exports AND Reports 0.5.3 Exports AND Reports Project Exports AND Reports 0.6.1 Exports AND Reports Project Exports AND Reports 0.6.2 Exports AND Reports Project Exports AND Reports 0.6.3 Exports AND Reports Project Exports AND Reports 0.6.4 Exports AND Reports Project Exports AND Reports 0.7.0 Exports AND Reports Project Exports AND Reports 0.7.1 Exports AND Reports Project Exports AND Reports 0.7.2 Exports AND Reports Project Exports AND Reports 0.7.3 Exports AND Reports Project Exports AND Reports 0.7.4 Exports AND Reports Project Exports AND Reports 0.8.0 Exports AND Reports Project Exports AND Reports 0.8.1 Exports AND Reports Project Exports AND Reports 0.8.2 Exports AND Reports Project Exports AND Reports 0.8.3 Exports AND Reports Project Exports AND Reports 0.8.4 Exports AND Reports Project Exports AND Reports 0.8.5 Exports AND Reports Project Exports AND Reports 0.8.6 Exports AND Reports Project Exports AND Reports 0.8.7 Exports AND Reports Project Exports AND Reports 0.8.8 Exports AND Reports Project Exports AND Reports 0.9.0 Exports AND Reports Project Exports AND Reports 0.9.1	27

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://wpscan.com/vulnerability/50f70927-9677-4ba4-a388-0a41ed356523