Description
WordPress Plugin Advanced Import: One Click Import for WordPress or Theme Demo Data is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset the database and potentially gain administrator privileges. WordPress Plugin Advanced Import: One Click Import for WordPress or Theme Demo Data version 1.0.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2.0 or latest
References
https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/
https://plugins.svn.wordpress.org/advanced-import/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin wpDataTables-WordPress Tables & Table Charts Arbitrary File Upload (1.5.3)
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-5502)
Oracle Database Server CVE-2007-3858 Vulnerability (CVE-2007-3858)
PHP Out-of-bounds Read Vulnerability (CVE-2022-31630)
WordPress Plugin Ultimate Instagram Feed Cross-Site Scripting (1.2)