Description
WordPress Plugin Import and export users and customers is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently export users. WordPress Plugin Import and export users and customers version 1.15 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.15.0.1 or latest
References
https://plugins.trac.wordpress.org/changeset/2220481
https://plugins.svn.wordpress.org/import-users-from-csv-with-meta/trunk/readme.txt
Related Vulnerabilities
Python Uncontrolled Search Path Element Vulnerability (CVE-2017-20052)
Oracle JRE CVE-2022-21271 Vulnerability (CVE-2022-21271)
WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.9)
Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0)
WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.11)