Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation discovered by Ex.Mi (Patchstack) in WordPress Access Demo Importer plugin (versions <= 1.0.7).
Update the WordPress Access Demo Importer plugin to the latest available version (at least 1.0.8).