CVE-2022-2240

CVE-2022-2240: Request a Quote <= 2.3.7 - CSV Injection

Vendor Unknown
Product Request a Quote
Weakness CWE-1236
Published July 25, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it

Key dates

02Disclosure timeline

July 25, 2022 CVE published
August 3, 2024 Record updated