Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-16 | CVE-2022-38844 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Espocrm 7.1.8: CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. | 8.0 |
2022-09-16 | CVE-2022-1194 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mobileeventsmanager Mobile Events Manager: The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. | 8.8 |
2022-09-16 | CVE-2022-2798 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Wpaffiliatemanager Affiliates Manager: The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliates to perform CSV injection attacks against an admin exporting the data. | 8.0 |
2022-09-06 | CVE-2022-2429 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ultimatesmsnotifications Ultimate SMS Notifications for Woocommerce 1.4.1: The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. | 8.0 |
2022-09-06 | CVE-2022-3026 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Wp-Users-Exporter Project Wp-Users-Exporter 1.4.2: The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. | 8.8 |
2022-07-25 | CVE-2022-1539 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Exports and Reports Project Exports and Reports: The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to CSV injection through use of the Microsoft Excel DDE function, or to data leakage via maliciously injected hyperlinks. | 8.8 |
2022-07-25 | CVE-2022-2240 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Emarketdesign Request a Quote: The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin downloads and opens it. | 8.8 |
2022-06-17 | CVE-2022-2112 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Inventree Project Inventree: Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. | 8.8 |
2022-06-13 | CVE-2022-1202 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Usabilitydynamics Wp-Crm 1.2.1: The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. | 7.8 |
2022-06-09 | CVE-2022-2027 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kromit Titra: Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. | 8.0 |