Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version (at least 3.6.8).
Universe discovered and reported this Arbitrary Code Execution vulnerability in WordPress Import any XML or CSV File to WordPress Plugin. This could allow a malicious actor to remotely execute malicious code on your site. This code could take-over your entire website or create more backdoors and inject advertisements. This vulnerability has been fixed in version 3.6.8.
Auth. Directory traversal vulnerability
Auth. Arbitrary File Upload vulnerability
Authenticated Malicious File Upload vulnerability
Stored CrossSite Scripting (XSS) vulnerability
CrossSite Scripting (XSS) vulnerability