CVE-2022-3463

Summary

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection

Affected Software

VendorProductVersion RangeStatus
UnknownContact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms4.3.13 < 4.3.13affected

Weaknesses

  • CWE-1236: CWE-1236 Improper Neutralization of Formula Elements in a CSV File

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References