The plugin “Advanced Order Export For WooCommerce” for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
CWE-1236
CVE-2018-11526
The plugin “WordPress Comments Import & Export” for WordPress (v2.0.4 and before) is vulnerable to CSV Injection.
CVE-2018-10504
The WebDorado “Form Maker by WD” plugin before 1.12.24 for WordPress allows CSV injection.
CVE-2018-10255
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
CVE-2018-10257
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
CVE-2018-10258
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.