Description
The WordPress plugin Advanced Import: One Click Import for WordPress or Theme Demo Data is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions, reset the database, and potentially gain administrator privileges. Version 1.0.7 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.2.0 or the latest version.
References
https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/
https://plugins.svn.wordpress.org/advanced-import/trunk/readme.txt