2022-11-07 00:00:00
WPScan
PUBLISHED
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection