CVE-2022-46803 - OpenCVE

Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin.This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Noptin	Noptin

Configuration 1 [-]

cpe:2.3:a:noptin:noptin:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/newsletter-optin-box/wordpress-simple-newsletter-plugin-noptin-plugin-1-9-5-unauth-csv-injection-vulnerability?_s_id=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-11-07T16:40:45.392Z

Updated: 2024-09-04T18:13:34.266Z

Reserved: 2022-12-08T09:38:31.430Z

Link: CVE-2022-46803

Vulnrichment

Updated: 2024-08-03T14:39:38.702Z

NVD

Status : Analyzed

Published: 2023-11-07T17:15:08.833

Modified: 2023-11-14T20:04:35.113

Link: CVE-2022-46803

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-46803", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2022-12-08T09:38:31.430Z", "datePublished": "2023-11-07T16:40:45.392Z", "dateUpdated": "2024-09-04T18:13:34.266Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "newsletter-optin-box", "product": "Simple Newsletter Plugin \u2013 Noptin", "vendor": "Noptin Newsletter", "versions": [{"changes": [{"at": "1.10.0", "status": "unaffected"}], "lessThanOrEqual": "1.9.5", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mika (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin \u2013 Noptin.<p>This issue affects Simple Newsletter Plugin \u2013 Noptin: from n/a through 1.9.5.</p>"}], "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin \u2013 Noptin.This issue affects Simple Newsletter Plugin \u2013 Noptin: from n/a through 1.9.5.\n\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1236", "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-11-07T16:40:45.392Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/newsletter-optin-box/wordpress-simple-newsletter-plugin-noptin-plugin-1-9-5-unauth-csv-injection-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.10.0 or a higher version."}], "value": "Update to\u00a01.10.0 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Noptin Plugin <= 1.9.5 is vulnerable to CSV Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:39:38.702Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/newsletter-optin-box/wordpress-simple-newsletter-plugin-noptin-plugin-1-9-5-unauth-csv-injection-vulnerability?_s_id=cve"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T18:13:14.026742Z", "id": "CVE-2022-46803", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T18:13:34.266Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/newsletter-optin-box/wordpress-simple-newsletter-plugin-noptin-plugin-1-9-5-unauth-csv-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:39:38.702Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-46803", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-04T18:13:14.026742Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T18:13:30.433Z"}}], "cna": {"title": "WordPress Noptin Plugin <= 1.9.5 is vulnerable to CSV Injection", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mika (Patchstack Alliance)"}], "affected": [{"vendor": "Noptin Newsletter", "product": "Simple Newsletter Plugin \u2013 Noptin", "versions": [{"status": "affected", "changes": [{"at": "1.10.0", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.9.5"}], "packageName": "newsletter-optin-box", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to\u00a01.10.0 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 1.10.0 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/newsletter-optin-box/wordpress-simple-newsletter-plugin-noptin-plugin-1-9-5-unauth-csv-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin \u2013 Noptin.This issue affects Simple Newsletter Plugin \u2013 Noptin: from n/a through 1.9.5.\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin \u2013 Noptin.<p>This issue affects Simple Newsletter Plugin \u2013 Noptin: from n/a through 1.9.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1236", "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-11-07T16:40:45.392Z"}}}, "cveMetadata": {"cveId": "CVE-2022-46803", "state": "PUBLISHED", "dateUpdated": "2024-09-04T18:13:34.266Z", "dateReserved": "2022-12-08T09:38:31.430Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2023-11-07T16:40:45.392Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}