Headline
CVE-2022-45350: WordPress Simple History plugin <= 3.3.1 - CSV Injection vulnerability - Patchstack
Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1.
Solution
Fixed
Update the WordPress Simple History plugin to the latest available version (at least 3.4.0).
ed32.dll discovered and reported this CSV Injection vulnerability in WordPress Simple History Plugin. This could allow a malicious actor to craft malicious formulas to then exploit vulnerabilities in the spreadsheet software or to execute commands to gain access to the victim’;s PC. This vulnerability has been fixed in version 3.4.0.
Other vulnerabilities in this plugin
0 present
2 patched
View all
WordPress plugin developer?
Start a free security program for your WordPress plugins or request an audit.
Apply for MVDP
Security researcher?
Report to Patchstack Alliance bounty platform and earn monthly cash prizes.
Learn more