CVE-2022-2240

CWE-12363 documents3 sources
Severity
8.8HIGH
EPSS
3.4%
top 12.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Request A QuoteEmarketdesign Request A Quote
Timeline
PublishedJul 25
Latest updateJul 26

Description

The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5unknown/request_a_quote2.3.72.3.7

🔴Vulnerability Details

2
GHSA
GHSA-c759-j56j-j6v3: The Request a Quote WordPress plugin through 22022-07-26
CVEList
Request a Quote <= 2.3.7 - CSV Injection2022-07-25
CVE-2022-2240 (HIGH CVSS 8.8) | The Request a Quote WordPress plugi | cvebase.io