Beta

Report

Commenter Emails <= 2.6.1 is vulnerable to CSV Injection

Unauthenticated
Published
2023-02-01

The Commenter Emails plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 2.6.1. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

CVE

https://www.cve.org/CVERecord?id=CVE-2022-45360

CVSS

Score:4.7

Severity:Medium

Version: 2.6.1

The plugin vendor has not patched this vulnerability at the moment.