Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability discovered in Rara One Click Demo Import plugin (versions <= 1.2.9) by BEE-K.
Update the WordPress Rara One Click Demo Import plugin to the latest available version (at least 1.3.0).