The plugin did not validate or sanitise user data, such as first and last names from the profile, leading to a CSV injection when the data is exported by an administrator.
Mohamad Pishdar (cert.ikiu.ac.ir)
Yes
2020-11-20 (about 2 years ago)
2020-11-20 (about 2 years ago)
2020-11-21 (about 2 years ago)