WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP-CRM plugin version 1.2.1 and earlier versions are vulnerable to a CSV injection vulnerability, which stems from a failure to validate and clean up fields when exporting people to CSV files. This vulnerability can be exploited to cause CSV injection attacks.