CSV Injection vulnerability found in WordPress Contact Form 7 to Database Extension plugin (version 2.10.32). Vulnerable file ExportToCsvUtf8.php allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
This plugin has been closed and is no longer available for download on WordPress.org, and we suggest to deactivate and delete this plugin from your server asap.
CPE | Name | Operator | Version |
---|---|---|---|
contact form 7 to database extension | eq | 2.10.32 |