WordPress Contact Form 7 to Database Extension plugin 2.10.32 - CSV Injection vulnerability
Contact Form 7 to Database Extension
A CSV injection vulnerability was found in the WordPress Contact Form 7 to Database Extension plugin (version 2.10.32). The vulnerable file ExportToCsvUtf8.php allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
This plugin has been closed and is no longer available for download on WordPress.org. We suggest deactivating and deleting this plugin from your server as soon as possible.
Type: Direct static code injection
OWASP Top 10: A1: Injection
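The kind of output handling that prevents this class of flaw in a CSV export, as an added example that is not the plugin's code: each cell is checked for a leading character that spreadsheet applications treat as the start of a formula and is prefixed with a single quote before the row is written. The function names and sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the plugin. Function names are hypothetical.

/**
 * Neutralize a value that a spreadsheet would evaluate as a formula.
 * Trigger characters at the start of a cell: = + - @, tab, carriage return.
 * Trade-off: legitimate values such as "-5" are also prefixed and will be
 * displayed as text rather than as numbers.
 */
function neutralize_csv_cell(string $value): string
{
    if ($value !== '' && strpbrk($value[0], "=+-@\t\r") !== false) {
        return "'" . $value;
    }
    return $value;
}

/**
 * Write rows of form submissions to an open stream as CSV.
 * fputcsv() quotes fields and doubles embedded quotes; the empty escape
 * argument turns off PHP's non-standard backslash escaping (PHP 7.4+).
 */
function export_rows_to_csv(array $rows, $handle): void
{
    foreach ($rows as $row) {
        $safe = array_map(
            static fn($cell) => neutralize_csv_cell((string) $cell),
            $row
        );
        fputcsv($handle, $safe, ',', '"', '');
    }
}

// Constructed sample submissions: two ordinary rows, two that start with
// a formula trigger character.
$rows = [
    ['name', 'email', 'message'],
    ['Alice', 'alice@example.com', 'Hello, please call me back.'],
    ['Bob', 'bob@example.com', '=SUM(A1:A2)'],
    ['Carol', 'carol@example.com', '-5 degrees outside'],
];

$out = fopen('php://output', 'w');
export_rows_to_csv($rows, $out);
fclose($out);
```

In the output, the messages from Bob and Carol begin with a single quote, so a spreadsheet application opens them as text instead of evaluating them.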