CVE-2019-9909

The “Donation Plugin and Fundraising Platform” plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.
Source: NIST