Export customers list CSV for WooCommerce < 2.0.69 - CSV Injection
CVE-2022-3603

9.8CRITICAL

Key Information:

Vendor
Wordpress
Status
Export Customers List Csv For WooCommerce, WordPress Users Csv, Export Guest Customer List
Vendor
CVE Published:
28 November 2022

Summary

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.

Affected Version(s)

Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list 0 < 2.0.69

References

https://wpscan.com/vulnerability/376e2bc7-2eb9-4e0a-809c-...
exploittechnical-description

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Francesco Carlucci
.