Description
WordPress Plugin Import Export WordPress Users is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently import new users via a CSV file, including administrative-level users. WordPress Plugin Import Export WordPress Users version 1.3.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.9 or latest
References
https://www.wordfence.com/blog/2020/03/vulnerability-patched-in-import-export-wordpress-users/
https://plugins.svn.wordpress.org/users-customers-import-export-for-wp-woocommerce/trunk/readme.txt
Related Vulnerabilities
Jenkins Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-2101)
WordPress Plugin Handsome Testimonials & Reviews SQL Injection (2.0.7)
WordPress Plugin All-in-One Video Gallery Multiple Vulnerabilities (2.6.0)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2023-45369)