PT-2019-6281 · WordPress · Wp Users Exporter

Zhouyuan Yang · Published 2019-12-30 · Updated 2024-01-11 · CVE-2022-3026

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WP Users Exporter plugin for WordPress versions up to, and including, 1.4.2

Description

The issue is related to CSV Injection via the 'Export Users' functionality, allowing authenticated attackers to embed untrusted input into profile information. This can result in code execution when the exported CSV file is downloaded and opened on a local system with a vulnerable configuration. The vulnerability can be exploited by remote attackers to perform cross-site scripting attacks.

Recommendations

For WP Users Exporter plugin for WordPress versions up to, and including, 1.4.2: Update to a version higher than 1.4.2 to mitigate the risk of CSV Injection attacks. As a temporary workaround, consider restricting access to the 'Export Users' functionality until a patch is available. Avoid opening exported CSV files from untrusted sources on local systems with vulnerable configurations.
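
A check an administrator can run on an exported users CSV before opening it in a spreadsheet, given here as an added example that is not the plugin's code or its fix: it flags profile cells that begin with a formula trigger character and writes a neutralized copy. The column names and sample rows are constructed, and the trigger set is taken from OWASP's CSV Injection guidance, not from this advisory.

```python
import csv
import io

# Leading characters a spreadsheet may treat as the start of a formula
# (the set listed in OWASP's CSV Injection guidance). A leading "-" also
# matches negative numbers, which is acceptable for profile text fields.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample export; column names and values are made up for this example.
SAMPLE_EXPORT = '''user_login,user_email,display_name,description
alice,alice@example.test,Alice A.,Editor since 2018
bob,bob@example.test,=1+1,"@SUM(1,1)"
carol,carol@example.test,Carol,"+1 for ""team"" lead"
'''


def is_formula_like(cell: str) -> bool:
    """True if the cell's first character is a formula trigger."""
    return cell.startswith(FORMULA_TRIGGERS)


def find_formula_cells(csv_text: str):
    """Return (row_number, column_name, value) for every suspicious data cell."""
    rows = list(csv.reader(io.StringIO(csv_text, newline="")))
    if not rows:
        return []
    header, hits = rows[0], []
    for row_no, row in enumerate(rows[1:], start=2):
        for col_no, cell in enumerate(row):
            if is_formula_like(cell):
                name = header[col_no] if col_no < len(header) else f"col{col_no + 1}"
                hits.append((row_no, name, cell))
    return hits


def neutralize(csv_text: str) -> str:
    """Rewrite the CSV: apostrophe before formula-like cells, every field quoted."""
    out = io.StringIO(newline="")
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    for row in csv.reader(io.StringIO(csv_text, newline="")):
        writer.writerow(["'" + c if is_formula_like(c) else c for c in row])
    return out.getvalue()


if __name__ == "__main__":
    for row_no, column, value in find_formula_cells(SAMPLE_EXPORT):
        print(f"row {row_no}, {column}: {value!r}")
    print(neutralize(SAMPLE_EXPORT), end="")
```

The leading apostrophe makes the spreadsheet treat the cell as text; it remains part of the stored value, so strip it again if the file is later imported into another system.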

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-06603
CVE-2022-3026

Affected Products

Wp Users Exporter