Vulnerabilities > CVE-2022-1539 - Unspecified vulnerability in Exports and Reports Project Exports and Reports

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
exports-and-reports-project

Summary

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks.

Vulnerable Configurations

Part Description Count
Application
Exports_And_Reports_Project
27