CVE-2020-9466

The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.