Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version (at least 3.6.8).
Universe discovered and reported this Arbitrary Code Execution vulnerability in WordPress Import any XML or CSV File to WordPress Plugin. This could allow a malicious actor to remotely execute malicious code on your site. This vulnerability has been fixed in version 3.6.8.