Vulnerability CVE-2022-2240
Published: 2022-07-25

Description:
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it

Type:

CWE-1236

 References:
https://wpscan.com/vulnerability/6a3a573e-f9f2-45ec-9156-332cc551fc7e
Copyright 2024, cxsecurity.com

 

Back to Top