Description
WordPress Plugin Advanced Import:One Click Import for WordPress or Theme Demo Data is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Advanced Import:One Click Import for WordPress or Theme Demo Data version 1.3.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.8 or latest
References
Related Vulnerabilities
WordPress Plugin Download Monitor Unspecified Vulnerability (4.4.6)
WordPress Plugin WPeMatico RSS Feed Fetcher Cross-Site Scripting (2.6.11)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.10)
e107 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3731)
WordPress Plugin The Welcomizer 'twiz-index.php' Cross-Site Scripting (1.3.9.4)