The plugin does not validate or sanitise some connections' fields, which could lead to a CSV injection issue
1. Visit https://example.com/wordpress/wp-admin/admin.php?page=connections_add 2. In the input filed add payload @SUM(1+1)*cmd|' /C calc'!A0 3. Visit Connections Tools and then click on Export All 4. It will download a file cn-export-all-MM-DD-YYYY.csv open it with Microsoft Excel
2020-05-29 (about 2 years ago)
2021-10-25 (about 1 years ago)
2022-04-13 (about 1 years ago)