CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45350 – WordPress Simple History Plugin <= 3.3.1 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-45350
02 Feb 2023 — Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1. Neutralización inadecuada de elementos de fórmula en una vulnerabilidad de CSV File en Pär Thernström Simple History – user activity log, audit tool. Este problema afecta Simple History: registro de actividad del usuario, herramienta de auditoría: desde n/a hasta 3.3.1. The Simple Hi... • https://patchstack.com/database/vulnerability/simple-history/wordpress-simple-history-plugin-3-3-1-csv-injection-vulnerability?_s_id=cve • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-4011 – Simple History Plugin Header neutralization for logs
https://notcve.org/view.php?id=CVE-2022-4011
16 Nov 2022 — A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. • https://drive.google.com/file/d/142cPciqIhNbfKhhxIwbrYFTegLvnwin_/view • CWE-116: Improper Encoding or Escaping of Output CWE-707: Improper Neutralization •