Description
WordPress Plugin Import and export users and customers is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently export users. WordPress Plugin Import and export users and customers version 1.15 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.15.0.1 or latest
References
https://plugins.trac.wordpress.org/changeset/2220481
https://plugins.svn.wordpress.org/import-users-from-csv-with-meta/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.1.9)
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2023-22622)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5652)
WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.4.37.727)