Description
WordPress Plugin Import all XML, CSV & TXT into WordPress is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Import all XML, CSV & TXT into WordPress version 6.5.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 6.5.3 or latest
References
Related Vulnerabilities
Moodle Improper Input Validation Vulnerability (CVE-2009-1171)
WordPress Plugin Chat-Support Board-WordPress Chat Cross-Site Scripting (3.3.4)
WordPress Plugin PIKLIST-Rapid development framework Cross-Site Scripting (0.9.4.25)
WordPress Plugin Simple Business Directory with Maps PHP Object Injection (3.6.0)