Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2022-2240
HistoryJul 25, 2022 - 12:47 p.m.

CVE-2022-2240 Request a Quote <= 2.3.7 - CSV Injection

2022-07-2512:47:55
CWE-1236
WPScan
www.cve.org
3
cve-2022-2240
wordpress plugin
csv injection
file validation
unauthenticated users
admin permissions

AI Score

9

Confidence

High

EPSS

0.003

Percentile

66.3%

JSON

The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it

CNA Affected

[
  {
    "product": "Request a Quote",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "2.3.7",
        "status": "affected",
        "version": "2.3.7",
        "versionType": "custom"
      }
    ]
  }
]

Related

wpexploit 1
wpvulndb 1
nvd 1
prion 1
patchstack 1
cve 1
wpexploit
wpexploit
Request a Quote <= 2.3.7 - CSV Injection
2022-06-28 00:00:00
wpvulndb
wpvulndb
Request a Quote <= 2.3.7 - CSV Injection
2022-06-28 00:00:00
nvd
nvd
CVE-2022-2240
2022-07-25 13:15:08
prion
prion
Open redirect
2022-07-25 13:15:00
patchstack
patchstack
WordPress Request a Quote plugin <= 2.3.7 - CSV Injection vulnerability
2022-06-28 00:00:00
cve
cve
CVE-2022-2240
2022-07-25 13:15:08

AI Score

9

Confidence

High

EPSS

0.003

Percentile

66.3%

JSON
Related for CVELIST:CVE-2022-2240
wpexploit1wpvulndb1nvd1prion1patchstack1cve1