CVE-2022-2798

Summary

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data

Affected Software

VendorProductVersion RangeStatus
UnknownAffiliates Manager2.9.14 < 2.9.14affected

Weaknesses

  • CWE-1236: CWE-1236 Improper Neutralization of Formula Elements in a CSV File

ADP Enrichment

CVE Program Container

Additional References

References