The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-09-16T08:40:25
Updated: 2024-08-02T23:55:24.226Z
Reserved: 2022-03-31T00:00:00
Link: CVE-2022-1194
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-09-16T09:15:10.177
Modified: 2022-09-20T14:44:28.260
Link: CVE-2022-1194
Redhat
No data.