WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to CSV Injection
CVE-2022-45357

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: 1003 Mortgage Application
Vendor: CVE Published:; 7 November 2023

Summary

This vulnerability arises from inadequate handling of formula elements within CSV files generated by Lenderd's 1003 Mortgage Application. Attackers may exploit this flaw by crafting malicious input that, when processed, can lead to unintended execution of arbitrary formulas in the context of the end-user's spreadsheet application. The affected versions span from an unspecified version up to 1.75, emphasizing the need for immediate remediation to mitigate potential security risks.

Affected Version(s)

1003 Mortgage Application <= 1.75

References

https://patchstack.com/database/vulnerability/1003-mortga...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Nov 14, 2022

Credit

Rodrigo Escobar - ipax (Patchstack Alliance)