Description
WordPress Plugin Advanced Import: One Click Import for WordPress or Theme Demo Data is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset the database and potentially gain administrator privileges. WordPress Plugin Advanced Import: One Click Import for WordPress or Theme Demo Data version 1.0.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2.0 or latest
References
https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/
https://plugins.svn.wordpress.org/advanced-import/trunk/readme.txt
Related Vulnerabilities
Jboss EAP Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2022-0853)
Joomla! Core 2.5.x Denial of Service (2.5.0 - 2.5.9)
WordPress Plugin WP People 'wp-people-popup.php' SQL Injection (2.0)
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Unspecified Vulnerability (4.10.2)