Description
WordPress Plugin WP Smart Import: Import any XML File to WordPress is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin WP Smart Import: Import any XML File to WordPress version 1.0.0 is vulnerable.
Remediation
Update to plugin version 1.0.1 or latest
References
Related Vulnerabilities
WordPress Plugin Catch Themes Demo Import Security Bypass (1.5)
Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-5482)
SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1210)
Atlassian Jira Missing Authorization Vulnerability (CVE-2019-3399)
WordPress 4.0.x Cross-Domain Flash Injection Vulnerability (4.0 - 4.0.21)