Unauthenticated Options Import, which could lead to - Website Redirection - Administrator Account Creation - Content Injection - Stored XSS The issues have been reported as fixed in 3.35.0. However v3.35.1 added additional input sanitisation and filtering.