Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File

DATE CVE VULNERABILITY TITLE RISK
2022-11-29 CVE-2022-4034 Improper Neutralization of Formula Elements in a CSV File vulnerability in Dwbooster Appointment Hour Booking
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72.
local
low complexity
dwbooster CWE-1236
7.8
2022-11-29 CVE-2022-41675 Improper Neutralization of Formula Elements in a CSV File vulnerability in Raidenmaild
A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website.
network
low complexity
raidenmaild CWE-1236
8.0
2022-11-28 CVE-2022-3603 Improper Neutralization of Formula Elements in a CSV File vulnerability in Piwebsolution Export Customers List CSV for Woocommerce
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.
network
low complexity
piwebsolution CWE-1236
critical
9.8
2022-11-21 CVE-2022-44830 Improper Neutralization of Formula Elements in a CSV File vulnerability in Event Registration Application Project Event Registration Application 1.0
Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields.
7.8
2022-11-21 CVE-2022-3600 Improper Neutralization of Formula Elements in a CSV File vulnerability in Sandhillsdev Easy Digital Downloads
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.
network
low complexity
sandhillsdev CWE-1236
critical
9.8
2022-11-21 CVE-2022-3634 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ciphercoin Contact Form 7 Database Addon
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when output it back in a CSV file, which could lead to CSV injection
network
low complexity
ciphercoin CWE-1236
critical
9.8
2022-11-17 CVE-2022-41791 Improper Neutralization of Formula Elements in a CSV File vulnerability in Metagauss Profilegrid
Auth.
network
low complexity
metagauss CWE-1236
8.8
2022-11-17 CVE-2022-44577 Improper Neutralization of Formula Elements in a CSV File vulnerability in Export Users With Meta Project Export Users With Meta
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
network
low complexity
export-users-with-meta-project CWE-1236
8.0
2022-11-14 CVE-2022-3574 Improper Neutralization of Formula Elements in a CSV File vulnerability in Wpforms PRO
The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection.
network
low complexity
wpforms CWE-1236
critical
9.8
2022-11-07 CVE-2022-3463 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fluentforms Contact Form
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection
network
low complexity
fluentforms CWE-1236
critical
9.8