CVE-2022-46809

9.8 CRITICAL

📋 TL;DR

This CVE describes a CSV injection vulnerability in the ReviewX WordPress plugin for WooCommerce. Attackers can get malicious formulas into the CSV files the plugin exports, and spreadsheet applications such as Excel evaluate those formulas when the file is opened. All WordPress sites using vulnerable versions of the ReviewX plugin are affected.

💻 Affected Systems

Products:
  • ReviewX – Multi-criteria Rating & Reviews for WooCommerce WordPress plugin
Versions: All versions up to and including 1.6.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the ReviewX plugin to be installed and active on a WordPress site with WooCommerce.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution on client machines opening malicious CSV files, data theft, or complete system compromise via formula execution in spreadsheet applications.

🟠 Likely Case: Data exfiltration or client-side code execution when users open exported CSV files containing malicious formulas in vulnerable spreadsheet applications.

🟢 If Mitigated: Limited impact if users open CSV files in text editors or in properly configured spreadsheet applications that disable formula execution.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing, and the plugin's CSV export functionality is accessible to authenticated users.
🏢 Internal Only: MEDIUM - Risk exists when internal users open malicious CSV files, but requires initial access to generate or upload the file.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to generate or upload CSV files. CSV injection techniques are well-documented and easy to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.8 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/reviewx/wordpress-reviewx-plugin-1-6-6-csv-injection

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'ReviewX – Multi-criteria Rating & Reviews for WooCommerce'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.6.8+ from WordPress.org and update manually.

🔧 Temporary Workarounds

Disable CSV export functionality (all): Temporarily disable the CSV export feature in the ReviewX plugin settings until patched.

Educate users on safe CSV handling (all): Instruct users to open CSV files in text editors or to disable formula execution in their spreadsheet applications.

🧯 If You Can't Patch

  • Restrict plugin access to trusted users only
  • Implement web application firewall rules to block CSV file uploads containing formula patterns
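The defender-side fix for this bug class, as an added example that is not the plugin's code or part of the advisory: cells that a spreadsheet would evaluate are neutralized before the export is written, and an existing export can be scanned for such cells (the "formula patterns" a WAF rule would look for). The review rows and the export helper are constructed for illustration; the real plugin is PHP, and the same logic applies there.

```python
import csv
import io

# Leading characters that make Excel/LibreOffice treat a cell as a formula
# (or a DDE trigger) instead of plain text, per OWASP CSV-injection guidance.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def looks_like_formula(cell: str) -> bool:
    """True if a spreadsheet may evaluate this cell rather than display it.
    Leading spaces are stripped first so that ' =1+1' is conservatively flagged."""
    return cell.lstrip(" ").startswith(FORMULA_TRIGGERS)


def neutralize(cell: str) -> str:
    """Prefix a risky cell with a single quote; the spreadsheet then shows it as text."""
    return "'" + cell if looks_like_formula(cell) else cell


def export_reviews(rows, neutralize_cells=True) -> str:
    """Hypothetical export helper: write rows as CSV, sanitizing cells unless disabled
    (neutralize_cells=False reproduces the vulnerable behaviour for comparison)."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        cells = [str(c) for c in row]
        writer.writerow([neutralize(c) for c in cells] if neutralize_cells else cells)
    return buf.getvalue()


def scan_export(csv_text: str):
    """Return (row, column, cell) for every cell in an export that a spreadsheet would evaluate."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if looks_like_formula(cell):
                hits.append((r, c, cell))
    return hits


# Constructed sample rows: one benign review, one harmless formula, and one
# legitimate review that happens to start with "-" (still neutralized, still readable).
SAMPLE_ROWS = [
    ("reviewer", "rating", "review"),
    ("alice", "5", "Great product, would buy again"),
    ("mallory", "1", "=2+2"),
    ("bob", "2", "-5 would not recommend"),
]
```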

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → ReviewX plugin version. If version is 1.6.7 or lower, you are vulnerable.

Check Version:

wp plugin list --name=reviewx --field=version (if WP-CLI installed)

Verify Fix Applied:

Verify plugin version is 1.6.8 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • CSV file exports from ReviewX plugin
  • User access to review/export functionality

Network Indicators:

  • CSV file downloads from /wp-content/uploads/reviewx/ or similar paths

SIEM Query:

source="wordpress" AND (plugin="reviewx" AND action="export")
