CVE-2022-3600: 
WordPress vulnerability analysis and mitigation

The Easy Digital Downloads WordPress plugin before version 3.1.0.2 contains a CSV injection vulnerability identified as CVE-2022-3600. The vulnerability was discovered by Francesco Carlucci and publicly disclosed on September 28, 2022. The issue affects the plugin's data export functionality where it fails to properly validate data when outputting to CSV files (WPScan).

The vulnerability is classified as a CSV Injection (CWE-1236) with a CVSS score of 4.7 (medium severity). The issue stems from improper validation of data when exporting to CSV files, which can allow formula injection in spreadsheet applications. The vulnerability falls under the OWASP Top 10 category A1: Injection (WPScan).

When exploited, this vulnerability allows attackers to inject formulas into CSV files that get executed when opened in spreadsheet applications like Excel or LibreOffice. This could potentially lead to data manipulation or unauthorized code execution within the context of the spreadsheet application (WPScan).

The vulnerability has been fixed in Easy Digital Downloads version 3.1.0.2. Users are advised to update to this version or later to mitigate the risk (WPScan).