CVE-2022-41616: 
WordPress vulnerability analysis and mitigation

A CSV Injection vulnerability (CVE-2022-41616) was discovered in the WordPress Export Users Data CSV plugin, affecting versions up to 2.1. The vulnerability was reported on October 14, 2022, and publicly disclosed on November 30, 2022. This security issue impacts the Kaushik Kalathiya Export Users Data CSV plugin for WordPress (Patchstack).

The vulnerability is classified as an Improper Neutralization of Formula Elements in a CSV File (CWE-1236). It received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires subscriber-level privileges to exploit (NVD).

The vulnerability could allow a malicious actor to craft malicious formulas that could be used to exploit vulnerabilities in spreadsheet software or execute commands to gain access to the victim's PC. The severity is considered low priority despite the high CVSS score, as it is unlikely to be exploited in real-world scenarios (Patchstack).

The vulnerability has been fixed in version 2.2 of the Export Users Data CSV plugin. Users are advised to update to version 2.2 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).