CVE-2022-3600: Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection
First published: Mon Nov 21 2022(Updated: )
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sandhillsdev Easy Digital Downloads | <3.1.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Easy Digital Downloads WordPress plugin issue?
The vulnerability ID for this Easy Digital Downloads WordPress plugin issue is CVE-2022-3600.
What is the severity level of CVE-2022-3600?
The severity level of CVE-2022-3600 is critical with a CVSS score of 9.8.
What is the affected software?
The affected software is the Easy Digital Downloads WordPress plugin version up to and excluding 3.1.0.2.
What is the risk of the vulnerability?
The risk of the vulnerability is CSV injection, which can occur when the plugin outputs data in a CSV file without proper validation.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to update the Easy Digital Downloads WordPress plugin to version 3.1.0.2 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/title
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/sandhillsdev
- canonical/sandhillsdev easy digital downloads