Headline
CVE-2022-45357: WordPress 1003 Mortgage Application plugin <= 1.75 - CSV Injection - Patchstack
Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75.
Solution
Fixed
Update the WordPress 1003 Mortgage Application plugin to the latest available version (at least 1.80).
Rodrigo Escobar (ipax) discovered and reported this CSV Injection vulnerability in WordPress 1003 Mortgage Application Plugin. This could allow a malicious actor to craft malicious formulas to then exploit vulnerabilities in the spreadsheet software or to execute commands to gain access to the victim’;s PC. This vulnerability has been fixed in version 1.80.
Other vulnerabilities in this plugin
0 present
2 patched
View all
WordPress plugin developer?
Start a free security program for your WordPress plugins or request an audit.
Apply for MVDP
Security researcher?
Report to Patchstack Alliance bounty platform and earn monthly cash prizes.
Learn more