Description
WordPress Plugin Export any WordPress data to XML/CSV is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin Export any WordPress data to XML/CSV version 0.9 is vulnerable.
Remediation
Update to plugin version 0.9.1 or latest
References
http://www.pritect.net/blog/wp-all-import-3-2-3-pro-4-0-3-vulnerability-breakdown
http://www.wpallimport.com/2015/02/wp-import-4-1-1-mandatory-security-update/
Related Vulnerabilities
WordPress Plugin WP Support Plus Responsive Ticket System Unspecified Vulnerability (8.0.7)
WordPress Plugin Push Notifications for WordPress (Lite) Cross-Site Request Forgery (6.0)
Drupal Core 9.0.x Security Bypass (9.0.0 - 9.0.5)
Nginx buffer underflow vulnerability
WordPress Plugin Special Text Boxes Unspecified Vulnerability (5.5.102)