Go to the Sign-up Sheets--> Add New.

Enter the following CSV Injection payload in the field "Title", "Details" and "Task" click on save button.

=cmd|' /C notepad'!'A1' 


DDE ("cmd";"/C calc";"!A0")A0

After that click on "Export All as CSV " when admin open this downloaded csv file the csv injection payload get executed.

Note (WPScanTeam): To easily reproduce the issue: Create a new sheet with =1+2 as Title, then export it via the All Sheets > Export All as CSV, open it with OpenOffice or any other Spreadsheet viewer and note that the Title column is processed as formula, displaying 3 and not =1+2