Description
The WordPress plugin Advanced Import: One Click Import for WordPress or Theme Demo Data is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions, subsequently reset the database, and potentially gain administrator privileges. Version 1.0.7 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.2.0 or the latest available version.
References
https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/
https://plugins.svn.wordpress.org/advanced-import/trunk/readme.txt