The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-07-25T12:47:55
Updated: 2024-08-03T00:32:09.260Z
Reserved: 2022-06-28T00:00:00
Link: CVE-2022-2240
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-07-25T13:15:08.563
Modified: 2022-07-29T15:16:17.903
Link: CVE-2022-2240
Redhat
No data.