CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45370 – WordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-45370
06 Feb 2023 — Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. Neutralización inadecuada de elementos de fórmula en una vulnerabilidad de CSV File en WebToffee WordPress Comments Import & Export. Este problema afecta a WordPress Comments Import & Export: desde n/a hasta 2.3.1. The WordPress Comments Import & Export plugin for WordPress is vulnerable to CSV Injection... • https://patchstack.com/database/vulnerability/comments-import-export-woocommerce/wordpress-wordpress-comments-import-export-plugin-2-3-1-csv-injection?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11526 – WordPress Comments Import & Export <= 2.0.4 - CSV Injection
https://notcve.org/view.php?id=CVE-2018-11526
19 Jun 2018 — The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. El plugin "WordPress Comments Import Export" para WordPress (versiones 2.0.4 y anteriores) es vulnerable a una inyección de CSV. The WordPress Comments Import & Export plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 2.0.4 via the form fields. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code exec... • https://www.exploit-db.com/exploits/44940 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •