Lucene search
HistoryJul 25, 2022 - 1:15 p.m.
CVE-2022-2240
wordpress
plugin
unauthenticated
csv injection
security vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
66.3%
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it
Affected configurations
Node
emarketdesignrequest_a_quoteRange≤2.3.7wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| emarketdesign | request_a_quote | * | cpe:2.3:a:emarketdesign:request_a_quote:*:*:*:*:*:wordpress:*:* |
Related
wpexploit
wpexploit
Request a Quote <= 2.3.7 - CSV Injection
2022-06-28 00:00:00
wpvulndb
wpvulndb
Request a Quote <= 2.3.7 - CSV Injection
2022-06-28 00:00:00
prion
prion
Open redirect
2022-07-25 13:15:00
cvelist
cvelist
CVE-2022-2240 Request a Quote <= 2.3.7 - CSV Injection
2022-07-25 12:47:55
patchstack
patchstack
WordPress Request a Quote plugin <= 2.3.7 - CSV Injection vulnerability
2022-06-28 00:00:00
cve
cve
CVE-2022-2240
2022-07-25 13:15:08
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
66.3%
Related for NVD:CVE-2022-2240