Authenticated Arbitrary Code Execution vulnerability discovered by Universe (Patchstack Alliance) in WordPress Import any XML or CSV File to WordPress plugin (versions <= 3.6.7).
Update the WordPress Import any XML or CSV File to WordPress plugin to the latest available version (at least 3.6.8).