CVE-2022-3393: Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection
First published: Tue Oct 25 2022(Updated: )
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bestwebsoft Post To Csv Wordpress | <=1.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-3393?
CVE-2022-3393 is a vulnerability in the Post to CSV by BestWebSoft WordPress plugin through version 1.4.0 that allows CSV injection due to improper field escaping when exporting data as CSV.
What is the severity of CVE-2022-3393?
CVE-2022-3393 has a severity rating of 9.8, which is considered critical.
How does CVE-2022-3393 affect Bestwebsoft Post To Csv?
CVE-2022-3393 affects Bestwebsoft Post To Csv plugin version 1.4.0 and potentially earlier versions.
How can I fix the CVE-2022-3393 vulnerability?
To fix the CVE-2022-3393 vulnerability, update the Bestwebsoft Post To Csv plugin to the latest version available, which should include a patch for the CSV injection issue.
Is there any additional information about CVE-2022-3393?
For additional information about CVE-2022-3393, you can visit the following reference: https://wpscan.com/vulnerability/689b4c42-c516-4c57-8ec7-3a6f12a3594e
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- vendor/bestwebsoft
- canonical/bestwebsoft post to csv wordpress
- version/bestwebsoft post to csv wordpress/1.4.0