ГлавнаяУязвимости → CVE-2022-3604
7.8высокая

CVE-2022-3604

Описание

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection.

Затрагиваемое ПО
Crmperks Database for contact form 7\, wpforms\, elementor forms
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://wpscan.com/vulnerability/300ebfcd-c500-464e-b919-acfeb72593de/https://wpscan.com/vulnerability/300ebfcd-c500-464e-b919-acfeb72593de/