Description
WordPress Plugin Import Export WordPress Users is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently import new users via a CSV file, including administrative-level users. WordPress Plugin Import Export WordPress Users version 1.3.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.9 or latest
References
https://www.wordfence.com/blog/2020/03/vulnerability-patched-in-import-export-wordpress-users/
https://plugins.svn.wordpress.org/users-customers-import-export-for-wp-woocommerce/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Media Usage Cross-Site Scripting (0.0.4)
WordPress Plugin Asgaros Forum Cross-Site Request Forgery (1.5.8)
WordPress Plugin Shopping Cart & eCommerce Store Arbitrary File Upload (3.0.8)
WordPress Plugin EWWW Image Optimizer Cross-Site Scripting (2.0.1)
WordPress Plugin SAML SP Single Sign On-SSO login Cross-Site Scripting (4.8.83)