CSV Injection vulnerability discovered by Zhouyuan Yang in WordPress Ultimate SMS Notifications for WooCommerce plugin (versions <= 1.4.1).
Update the WordPress Ultimate SMS Notifications for WooCommerce plugin to the latest available version (at least 1.4.2).