CVE-2022-3677
The CVE relates to the Advanced Import WordPress plugin prior to version 1.3.8, where a CSRF flaw allows an authenticated admin to install arbitrary plugins from WordPress.org and activate arbitrary plugins via CSRF attacks. Root cause: lack of CSRF checks during plugin installation/activation. I...