Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-19 | CVE-2018-11526 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. | 7.8 |
| 2018-06-19 | CVE-2018-11525 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Algolplus Advanced Order Export for Woocommerce The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. | 7.8 |
| 2018-06-01 | CVE-2018-11652 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Cirt.Net Nikto 2.1.6 CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. | 9.8 |
| 2018-05-01 | CVE-2018-10258 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codeslab Shopy Point of Sale 1.0 A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 8.8 |
| 2018-05-01 | CVE-2018-10257 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Hrsale Project Hrsale 1.0.2 A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 8.8 |
| 2018-05-01 | CVE-2018-10255 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Clustercoding Blog Master PRO 1.0.0 A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 8.8 |
| 2018-04-27 | CVE-2018-10504 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Web-Dorado Form Maker The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection. | 7.8 |
| 2018-04-19 | CVE-2018-9137 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Open-Audit 2.1 Open-AudIT before 2.2 has CSV Injection. | 6.8 |
| 2018-04-18 | CVE-2018-8092 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mautic Mautic before 2.13.0 allows CSV injection. | 9.8 |
| 2018-04-04 | CVE-2018-9035 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Contact-Form-7-To-Database-Extension Project Contact-Form-7-To-Database-Extension 2.10.30/2.10.31/2.10.32 CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form. | 9.6 |