CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45357 – WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-45357
02 Feb 2023 — Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75. Neutralización inadecuada de elementos de fórmula en una vulnerabilidad de CSV File en Lenderd 1003 Mortgage Application. Este problema afecta a 1003 Mortgage Application: desde n/a hasta 1.75. The 1003 Mortgage Application plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.75. This allows unauth... • https://patchstack.com/database/vulnerability/1003-mortgage-application/wordpress-1003-mortgage-application-plugin-1-73-csv-injection?_s_id=cve • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24904 – Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24904
11 Jan 2022 — The Mortgage Calculators WP WordPress plugin before 1.56 does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin WP Mortgage Calculators de WordPress versiones anteriores a 1.56, no implementa ningún tipo de saneo en la configuración del color del fondo de una calculadora, lo que podría permitir a usuarios con altos privil... • https://www.exploit-db.com/exploits/50685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •