The Post to CSV by BestWebSoft WordPress plugin up to and including 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection
bestwebsoft post to csv