Untriaged
Permalink
CVE-2022-45350
8.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
WordPress Simple History Plugin <= 3.3.1 is vulnerable to CSV Injection
Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1.
References
- https://patchstack.com/database/vulnerability/simple-history/wordpress-simple-h… vdb-entry
- https://patchstack.com/database/vulnerability/simple-history/wordpress-simple-h… vdb-entry x_transferred
- https://patchstack.com/database/vulnerability/simple-history/wordpress-simple-h… vdb-entry
- https://patchstack.com/database/vulnerability/simple-history/wordpress-simple-h… vdb-entry x_transferred
Affected products
simple-history
- =<3.3.1
Matching in nixpkgs
pkgs.python312Packages.django-simple-history
Module to store Django model state on every create/update/delete
-
nixos-unstable -
- nixpkgs-unstable 3.10.1
pkgs.python313Packages.django-simple-history
Module to store Django model state on every create/update/delete
-
nixos-unstable -
- nixpkgs-unstable 3.10.1
Package maintainers
-
@DerDennisOP Dennis <dennish@wuitz.de>