Labda

**Name of the Vulnerable Software and Affected Versions** Import and export users and customers plugin for WordPress versions up to, and including, 1.24.2 **Description** The issue allows authenticated attackers with administrator access and above to read and delete the contents of arbitrary files on the server, including wp-config.php, which can contain sensitive information. This is possible via the Recurring Import functionality. **Recommendations** For versions up to, and including, 1.24.2, update to a version later than 1.24.2 to resolve the issue. As a temporary workaround, consider restricting access to the Recurring Import functionality until a patch is available.