CVE-2022-45357 WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to CSV Injection

2023-11-0715:45:27

CWE-1236

Patchstack

www.cve.org

cve-2022-45357

wordpress

1003 mortgage application plugin

csv injection

lenderd 1003 mortgage application

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

39.1%

JSON

Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "1003-mortgage-application",
    "product": "1003 Mortgage Application",
    "vendor": "Lenderd",
    "versions": [
      {
        "changes": [
          {
            "at": "1.80",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.75",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]