Description
WordPress Plugin Import all XML, CSV & TXT into WordPress is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Import all XML, CSV & TXT into WordPress version 6.5.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 6.5.3 or latest
References
Related Vulnerabilities
WebLogic CVE-2019-2441 Vulnerability (CVE-2019-2441)
WordPress Plugin Brizy-Page Builder Security Bypass (1.0.113)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15735)
WordPress Plugin Twitget Cross-Site Request Forgery (3.3.2)
Liferay DXP Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33323)