CVE-2022-46802: WordPress Product Reviews Import Export for WooCommerce Plugin <= 1.4.8 is vulnerable to CSV Injection
First published: Tue Nov 07 2023(Updated: )
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webtoffee Product Reviews Import Export For Woocommerce | <=1.4.8 |
Remedy
Update to 1.4.9 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-46802.
What is the title of this vulnerability?
The title of this vulnerability is 'WordPress Product Reviews Import Export for WooCommerce Plugin <= 1.4.8 is vulnerable to CSV Injection.'
What is the affected software?
The affected software is WebToffee Product Reviews Import Export for WooCommerce version 1.4.8 and below.
What is the severity of this vulnerability?
The severity of this vulnerability is critical with a CVSS score of 9.8.
How can I fix this vulnerability?
To fix this vulnerability, update WebToffee Product Reviews Import Export for WooCommerce plugin to the latest version.
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/event
- agent/title
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- agent/source
- vendor/webtoffee
- canonical/webtoffee product reviews import export for woocommerce
- version/webtoffee product reviews import export for woocommerce/1.4.8