Share
## https://sploitus.com/exploit?id=WPEX-ID:62BE0991-F095-43CF-A167-3DAAED254594
Export events with malicious CSV:
1. Create and save a new Enquiry source and add the following in the name field: =Calc|A!Z
2. Create and save a new Event with test information and select our malicious CSV payload from the dropdown of "Enquiry source" 
3. Victim generate CSV file export and download it

Export transaction with malicious CSV:
1. Add transaction & enter 'Paid from" as malicious CSV script =Calc|A!Z & save the transaction
2. Victim generate CSV file export and download it

The malicious CSV script is executed when the file is opened by the victim in a spreadsheet application.