exploitDog

CVE-2022-1194

Опубликовано: 16 сент. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.

Ссылки

https://wpscan.com/vulnerability/62be0991-f095-43cf-a167-3daaed254594
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/62be0991-f095-43cf-a167-3daaed254594
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mobileeventsmanager:mobile_events_manager:*:*:*:*:*:wordpress:*:*

Версия до 1.4.8 (исключая)

EPSS

Процентиль: 78%

0.01134

Низкий

8.8 High

CVSS3

Дефекты

CWE-1236

Связанные уязвимости

GHSA-4p76-gp5v-jc39

CVSS3: 8.8

github

больше 3 лет назад

The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.

EPSS

Процентиль: 78%

0.01134

Низкий

8.8 High

CVSS3

Дефекты

CWE-1236