Authenticated SQL Injection (SQLi) vulnerability discovered by Sanjay Das in WordPress Import all XML, CSV & TXT plugin (versions <= 6.5.7).
Update the WordPress WP Ultimate CSV Importer plugin to the latest available version (at least 6.5.8).