WordPress: PII of users can be downloaded from export pages

Sensitive personally identifiable information PII of users, including their name, email, phone number, role, and organization, was exposed on the https://doaction.org/ website. The PII was found in CSV files that could be downloaded from various endpoints on the website, which could be enumerated...