CVE-2022-3605: 
WordPress vulnerability analysis and mitigation

The WP CSV Exporter WordPress plugin before version 1.3.7 contains a CSV injection vulnerability identified as CVE-2022-3605. The vulnerability was discovered by Francesco Carlucci and publicly disclosed on November 29, 2022. This security issue affects the plugin's data export functionality, specifically impacting WordPress installations using the vulnerable plugin versions (WPScan).

The vulnerability stems from improper field escaping when exporting data as CSV. It is classified as a CSV Injection vulnerability (CWE-1236) and falls under the OWASP Top 10 category A1: Injection. The vulnerability has been assigned a CVSS score of 3.4 (low severity), indicating a relatively low-risk security issue (WPScan).

When exploited, this vulnerability allows for the execution of CSV formulas in spreadsheet applications. When a malicious user creates content with formula syntax and exports it to CSV, the formulas become active when opened in applications like Excel or LibreOffice, potentially leading to unauthorized formula execution (WPScan).

The vulnerability has been fixed in version 1.3.7 of the WP CSV Exporter plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).