CVE-2022-2798

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90edd", "name": "https://wpscan.com/vulnerability/f169567d-c682-4abe-94df-a9d00be90edd", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-1236"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-2798", "ASSIGNER": "contact@wpscan.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}}, "publishedDate": "2022-09-16T09:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:wpaffiliatemanager:affiliates_manager:*:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.9.14"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-09-20T14:28Z"}