CVE-2022-3574

CRITICAL

WPForms Pro <1.7.7 - Code Injection

Title source: llm

Description

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection.

Scores

CVSS v3: 9.8
EPSS: 0.0126
EPSS Percentile: 79.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-1236
Status: published
Products (1): wpforms/wpforms_pro < 1.7.7
Published: Nov 14, 2022
Tracked Since: Feb 18, 2026