CWE-1236

The plugin “Advanced Order Export For WooCommerce” for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.

The plugin “WordPress Comments Import & Export” for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.

The WebDorado “Form Maker by WD” plugin before 1.12.24 for WordPress allows CSV injection.

A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.