Description
WordPress Plugin Import and export users and customers is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently export users. WordPress Plugin Import and export users and customers version 1.15 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.15.0.1 or latest
References
https://plugins.trac.wordpress.org/changeset/2220481
https://plugins.svn.wordpress.org/import-users-from-csv-with-meta/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Membership by Supsystic SQL Injection (1.4.7)
WordPress Plugin WP Mega Menu Security Bypass (1.4.0)
WordPress Plugin Candidate Application Form Arbitrary File Disclosure (1.6)
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9)
WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (4.0.7)