Woocommerce Stock Manager < 2.6.0 - CSRF to Arbitrary File Upload

The plugin is vulnerable to CSRF leading to Arbitrary File Upload due to missing nonce and file validation in the /admin/views/import-export.php file.

PoC

File will upload to: /wp-content/plugins/woocommerce-stock-manager/admin/views/upload/PoC.php