CVE-2022-45810 (GCVE-0-2022-45810)
Vulnerability from cvelistv5 – Published: 2023-11-07 16:50 – Updated: 2025-02-19 21:19
VLAI?
Title
WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection
Summary
Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2.
Severity ?
9.8 (Critical)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Icegram | Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce |
Affected:
n/a , ≤ 5.5.2
(custom)
|
Credits
Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:24:00.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T21:12:00.635680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T21:19:35.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "email-subscribers",
"product": "Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress \u0026 WooCommerce",
"vendor": "Icegram",
"versions": [
{
"changes": [
{
"at": "5.5.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.5.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress \u0026amp; WooCommerce.\u003cp\u003eThis issue affects Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress \u0026amp; WooCommerce: from n/a through 5.5.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress \u0026 WooCommerce.This issue affects Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress \u0026 WooCommerce: from n/a through 5.5.2.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T16:50:04.184Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;5.5.3 or a higher version"
}
],
"value": "Update to\u00a05.5.3 or a higher version"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Email Subscribers \u0026 Newsletters Plugin \u003c= 5.5.2 is vulnerable to CSV Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-45810",
"datePublished": "2023-11-07T16:50:04.184Z",
"dateReserved": "2022-11-23T07:45:38.347Z",
"dateUpdated": "2025-02-19T21:19:35.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icegram:icegram_express:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"5.5.2\", \"matchCriteriaId\": \"44C8215A-938C-4A37-969D-EF436FDCCC7F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express \\u2013 Email Marketing, Newsletters and Automation for WordPress \u0026 WooCommerce.This issue affects Icegram Express \\u2013 Email Marketing, Newsletters and Automation for WordPress \u0026 WooCommerce: from n/a through 5.5.2.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Neutralizaci\\u00f3n inadecuada de elementos de f\\u00f3rmula en una vulnerabilidad de CSV File en Icegram Icegram Express \\u2013 Email Marketing, Newsletters and Automation for WordPress \u0026amp; WooCommerce. Este problema afecta a Icegram Express \\u2013 Email Marketing, Newsletters and Automation for WordPress \u0026amp; WooCommerce: desde n/a hasta 5.5. 2.\"}]",
"id": "CVE-2022-45810",
"lastModified": "2024-11-21T07:29:45.820",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2023-11-07T17:15:08.537",
"references": "[{\"url\": \"https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"audit@patchstack.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1236\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-45810\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2023-11-07T17:15:08.537\",\"lastModified\":\"2025-02-19T22:15:10.500\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress \u0026 WooCommerce.This issue affects Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress \u0026 WooCommerce: from n/a through 5.5.2.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Neutralizaci\u00f3n inadecuada de elementos de f\u00f3rmula en una vulnerabilidad de CSV File en Icegram Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress \u0026amp; WooCommerce. Este problema afecta a Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress \u0026amp; WooCommerce: desde n/a hasta 5.5. 2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1236\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icegram:icegram_express:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"5.5.2\",\"matchCriteriaId\":\"44C8215A-938C-4A37-969D-EF436FDCCC7F\"}]}]}],\"references\":[{\"url\":\"https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T14:24:00.962Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-45810\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-19T21:12:00.635680Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-19T20:58:41.556Z\"}}], \"cna\": {\"title\": \"WordPress Email Subscribers \u0026 Newsletters Plugin \u003c= 5.5.2 is vulnerable to CSV Injection\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Mika (Patchstack Alliance)\"}], \"affected\": [{\"vendor\": \"Icegram\", \"product\": \"Icegram Express \\u2013 Email Marketing, Newsletters and Automation for WordPress \u0026 WooCommerce\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"5.5.3\", \"status\": \"unaffected\"}], \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.5.2\"}], \"packageName\": \"email-subscribers\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to\\u00a05.5.3 or a higher version\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update to\u0026nbsp;5.5.3 or a higher version\", \"base64\": false}]}], \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express \\u2013 Email Marketing, Newsletters and Automation for WordPress \u0026 WooCommerce.This issue affects Icegram Express \\u2013 Email Marketing, Newsletters and Automation for WordPress \u0026 WooCommerce: from n/a through 5.5.2.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express \\u2013 Email Marketing, Newsletters and Automation for WordPress \u0026amp; WooCommerce.\u003cp\u003eThis issue affects Icegram Express \\u2013 Email Marketing, Newsletters and Automation for WordPress \u0026amp; WooCommerce: from n/a through 5.5.2.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1236\", \"description\": \"CWE-1236 Improper Neutralization of Formula Elements in a CSV File\"}]}], \"providerMetadata\": {\"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\", \"dateUpdated\": \"2023-11-07T16:50:04.184Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-45810\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-19T21:19:35.808Z\", \"dateReserved\": \"2022-11-23T07:45:38.347Z\", \"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"datePublished\": \"2023-11-07T16:50:04.184Z\", \"assignerShortName\": \"Patchstack\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…