Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection
CVE-2022-3558

8HIGH

Key Information:

Vendor: Wordpress
Status: Import And Export Users And Customers
Vendor: CVE Published:; 7 November 2022

What is CVE-2022-3558?

The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Import and export users and customers 1.20.5

References

https://wpscan.com/vulnerability/e3d72e04-9cdf-4b7d-953e-...

https://plugins.trac.wordpress.org/changeset?new=2798139%...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2022
Vulnerability Reserved
Oct 17, 2022

Credit

Adel Bouaricha

JSON

Wordpress

What is CVE-2022-3558?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.