Description
WordPress Plugin Advanced Import: One Click Import for WordPress or Theme Demo Data is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset the database and potentially gain administrator privileges. WordPress Plugin Advanced Import: One Click Import for WordPress or Theme Demo Data version 1.0.7 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.2.0 or the latest version.
References
https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/
https://plugins.svn.wordpress.org/advanced-import/trunk/readme.txt