Description

WordPress Plugin Import users from CSV with meta is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Import users from CSV with meta version 1.14.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.14.2.1 or latest

References

Related Vulnerabilities