WordPress is a blogging platform developed using the PHP language. WordPress Import any XML or CSV File plugin versions prior to 3.6.8 are vulnerable to arbitrary file uploads, which originate from accepting all zip files and automatically extracting the zip file without validating the extracted file type, which can be exploited by attackers to The vulnerability is caused by accepting all zip files and automatically extracting the zip file without validating the extracted file type.