Description
WordPress Plugin Import and export users and customers is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently export users. WordPress Plugin Import and export users and customers version 1.15 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.15.0.1 or latest
References
https://plugins.trac.wordpress.org/changeset/2220481
https://plugins.svn.wordpress.org/import-users-from-csv-with-meta/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin YOP Poll Multiple Cross-Site Scripting Vulnerabilities (4.9.1)
WordPress Plugin Art-Picture-Gallery Arbitrary File Upload (1.2.9)
Apache Tomcat CVE-2017-5651 Vulnerability (CVE-2017-5651)
MySQL CVE-2016-0648 Vulnerability (CVE-2016-0648)
WordPress Plugin Brizy-Page Builder Multiple Vulnerabilities (2.3.11)