Vulnerabilities > CVE-2022-3604 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Crmperks Database for Contact Form 7, Wpforms, Elementor Forms

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
crmperks
CWE-1236

Summary

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection.

Vulnerable Configurations

Part Description Count
Application
Crmperks
31