CVE-2022-2240 Information

Description

The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files allowing unauthenticated users to attach a malicious CSV file to a quote which could lead to a CSV injection once an admin download and open it

Reference

https://wpscan.com/vulnerability/6a3a573e-f9f2-45ec-9156-332cc551fc7e