An issue exists in Joomla! 2.5.0 up to and including 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
joomla joomla\\!