WordPress Simple History Plugin <= 3.3.1 is vulnerable to CSV Injection
CVE-2022-45350

8.8HIGH

Key Information:

Vendor: WordPress
Status: Simple History – User Activity Log, Audit Tool
Vendor: CVE Published:; 7 November 2023

Summary

A vulnerability has been identified in the Simple History plugin, which may allow an attacker to craft malicious CSV files. This can lead to improper execution of commands when opened in a vulnerable environment, thereby compromising user data integrity. It is crucial for users to update to the latest versions to mitigate this risk and protect sensitive information from unauthorized access.

Affected Version(s)

Simple History – user activity log, audit tool <= 3.3.1

References

https://patchstack.com/database/vulnerability/simple-hist...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Nov 14, 2022

Credit

ed32.dll (Patchstack)