WP All Import

Authenticated (Administrator+) PHP Object Injection via Import File vulnerability <= 3.7.9

CrossSite Request Forgery to Imported Content Deletion <= 3.7.9

Cross Site Request Forgery (CSRF) vulnerability <= 3.7.3

Auth. Directory traversal vulnerability <= 3.6.8

Auth. Arbitrary File Upload vulnerability <= 3.6.8