EPSS
Percentile
35.9%
WP All Import does not properly verify that a user has permission to execute functions. Coupled with an interesting method that allows arbitrary functions in specific objects to be called allows this to be leveraged in many ways.
www.pritect.net/blog/wp-all-import-vulnerability
www.wpallimport.com/2015/02/wp-import-4-1-1-mandatory-security-update/
packetstormsecurity.com/files/130596/