Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File

DATE CVE VULNERABILITY TITLE RISK
2018-09-01 CVE-2018-16308 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
local
low complexity
ninjaforms CWE-1236
8.6
2018-08-31 CVE-2018-16275 Improper Neutralization of Formula Elements in a CSV File vulnerability in Opswat Metadefender
OPSWAT MetaDefender before v4.11.2 allows CSV injection.
local
low complexity
opswat CWE-1236
7.8
2018-08-28 CVE-2018-15571 Improper Neutralization of Formula Elements in a CSV File vulnerability in Export Users to CSV Project Export Users to CSV
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.
local
low complexity
export-users-to-csv-project CWE-1236
8.6
2018-06-19 CVE-2018-11526 Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export
The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
local
low complexity
webtoffee CWE-1236
7.8
2018-06-19 CVE-2018-11525 The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
local
low complexity
CWE-1236
7.8
2018-06-01 CVE-2018-11652 Improper Neutralization of Formula Elements in a CSV File vulnerability in Cirt.Net Nikto 2.1.6
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
network
low complexity
cirt-net CWE-1236
critical
9.8
2018-05-01 CVE-2018-10258 Improper Neutralization of Formula Elements in a CSV File vulnerability in Codeslab Shopy Point of Sale 1.0
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
network
low complexity
codeslab CWE-1236
8.8
2018-05-01 CVE-2018-10257 Improper Neutralization of Formula Elements in a CSV File vulnerability in Hrsale Project Hrsale 1.0.2
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
local
low complexity
hrsale-project CWE-1236
8.8
2018-05-01 CVE-2018-10255 Improper Neutralization of Formula Elements in a CSV File vulnerability in Clustercoding Blog Master PRO 1.0.0
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
network
low complexity
clustercoding CWE-1236
8.8
2018-04-27 CVE-2018-10504 Improper Neutralization of Formula Elements in a CSV File vulnerability in Web-Dorado Form Maker
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.
local
low complexity
web-dorado CWE-1236
7.8