CVE-2022-3026
The WP Users Exporter plugin for WordPress (versions up to and including 1.4.2) is vulnerable to CSV Injection via the Export Users feature. An authenticated attacker (e.g., a subscriber) can inject untrusted data into profile fields (e.g., First Names) that are embedded in the CSV exported by an...