CVE-2018-16257
WP All Import plugin version 3.4.9 has multiple XSS vulnerabilities exploitable via the action=template endpoint. The issue affects WordPress installations using this plugin and can lead to client-side code execution, with sources explicitly noting administrator-only access as part of the exposur...