CVE-2022-3603

Summary

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.

Affected Software

VendorProductVersion RangeStatus
UnknownExport customers list csv for WooCommerce, WordPress users csv, export Guest customer list0 < 2.0.69affected

Weaknesses

  • CWE-1236 Improper Neutralization of Formula Elements in a CSV File

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References