The plugin does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues
As admin, import the below CSV file via Tools > Import and export users and customers (/wp-admin/tools.php?page=acui) user_login user_email display_name role
CPE | Name | Operator | Version |
---|---|---|---|
import-users-from-csv-with-meta | lt | 1.19.2.1 |