High severity8.8NVD Advisory· Published Jul 25, 2022· Updated Jun 17, 2026
CVE-2022-2240
CVE-2022-2240
Description
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it
Affected products
2<=2.3.7+ 1 more
- (no CPE)range: <=2.3.7
- (no CPE)range: 2.3.7
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/6a3a573e-f9f2-45ec-9156-332cc551fc7envdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.