CVE-2022-2798
Published: 16 September 2022
Summary
CVE-2022-2798 is a high-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Wpaffiliatemanager Affiliates Manager. Its CVSS base score is 8.0 (High).
Operationally, it ranks in the top 23.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-35038
Vulnerability details
The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as an affiliate to perform CSV injection attacks against an admin exporting the data.
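The following is an added example, not the plugin's own code or its 2.9.14 fix: one way a PHP export routine can neutralise formula-leading cells (CWE-1236) before writing user-supplied affiliate data to CSV. The function names and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added example: neutralise formula-leading cells at CSV export time.
// Function names and sample data are hypothetical, not from the plugin.

/**
 * Return a cell value that a spreadsheet will display as text.
 */
function neutralise_csv_cell($value): string
{
    $value = (string) $value;
    // A cell is evaluated as a formula when it starts with = + - or @.
    // A leading TAB or CR is also covered, as is leading whitespace
    // before one of those characters (a conservative choice).
    if (preg_match('/^(?:[\t\r]|\s*[=+\-@])/', $value) === 1) {
        // A leading apostrophe makes the spreadsheet treat the cell as text.
        // Side effect: legitimate values such as "-5" are exported as text.
        return "'" . $value;
    }
    return $value;
}

/**
 * Build the CSV for a list of rows, neutralising every cell.
 * fputcsv() handles quoting of separators, quotes and newlines.
 */
function export_rows_csv(array $rows): string
{
    $out = fopen('php://temp', 'r+');
    foreach ($rows as $row) {
        $safe = array_map('neutralise_csv_cell', $row);
        fputcsv($out, $safe, ',', '"', '\\');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed sample: a header, one ordinary registration, and one
// registration whose fields begin with formula trigger characters.
$rows = [
    ['name', 'email', 'website'],
    ['Alice Example', 'alice@example.com', 'https://example.com'],
    ['=1+1', '@SUM(A1:A2)', '+1 555 0100'],
];

echo export_rows_csv($rows);
```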
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.