QwikSec

Security Database

CVE

CWE

Training

CVE-2022-1539

Published: Jul 25, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks.

Vendor	Product	Versions
Unknown	Exports and Reports	affected `0.9.2 - < 0.9.2`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/50f70927-9677-4ba4-a388-0a41ed356523

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.