CVE-2022-3600


Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection

The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection.



We have discovered 5,743 live websites that are affected by CVE-2022-3600.





Affected Software

Product  Easy Digital Downloads
Category Ecommerce
Vulnerable Versions
  • from 0 before 3.1.0.2
Total Vulnerable Versions  168
Vulnerable Domains  5,743 live websites (30.71% of Easy Digital Downloads install base)


Common Weakness Enumeration


CWE-1236 Improper Neutralization of Formula Elements in a CSV File


Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-3600 and the relative popularity of websites


Details

  • Published - Nov 21, 2022
  • Updated - Nov 29, 2022

Credits

  • Francesco Carlucci (finder)





Countries

United States 2,371 websites
Iran 534 websites
Germany 383 websites
GB 291 websites
France 266 websites
Italy 229 websites
Poland 157 websites
Japan 147 websites
Canada 111 websites
Spain 99 websites

TLDs

.com 3,258 websites
.org 312 websites
.net 195 websites
.de 143 websites
.it 136 websites
.pl 126 websites
.co.uk 126 websites
.fr 70 websites
.ru 65 websites
.com.au 58 websites


Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2022-3600 through included software libraries and plugins.



Websites affected by CVE-2022-3600

Top websites that are affected by CVE-2022-3600.