Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-17 | CVE-2022-41791 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Metagauss Profilegrid Auth. | 8.8 |
| 2022-11-14 | CVE-2022-3574 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Wpforms PRO The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. | 9.8 |
| 2022-11-08 | CVE-2022-27858 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Activity LOG Project Activity LOG CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | 9.8 |
| 2022-11-07 | CVE-2022-3463 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fluentforms Contact Form The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection | 9.8 |
| 2022-11-07 | CVE-2022-3558 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codection Import and Export Users and Customers The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files. | 8.0 |
| 2022-11-03 | CVE-2022-22425 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Infosphere Information Server 11.7 "IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. | 9.8 |
| 2022-10-31 | CVE-2022-40294 | Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPpointofsale PHP Point of Sale 19.0 The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers. | 8.8 |
| 2022-10-25 | CVE-2022-3393 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Bestwebsoft Post to CSV The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection | 9.8 |
| 2022-09-29 | CVE-2022-40472 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zktec Zkbio Time 8.0.7 ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. | 8.0 |
| 2022-09-06 | CVE-2022-3026 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Wp-Users-Exporter Project Wp-Users-Exporter 1.4.2 The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. | 8.8 |