The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used.
Published July 18, 2019.
Automattic Camptix Event Ticketing
