The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection.
algolplus advanced order export