Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE) discovered by ericfrank900528 in WordPress Import WP plugin (versions <= 2.4.5).
Update the WordPress Import WP plugin to the latest available version (at least 2.4.6).