CVE-2022-46801 WordPress Site Reviews Plugin <= 6.2.0 is vulnerable to CSV Injection

2023-11-0716:11:31

CWE-1236

Patchstack

www.cve.org

wordpress

site reviews plugin

6.2.0

csv injection

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

39.1%

JSON

Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "site-reviews",
    "product": "Site Reviews",
    "vendor": "Paul Ryley",
    "versions": [
      {
        "changes": [
          {
            "at": "6.4.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.2.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]