PT-2019-13779 · WordPress · Import-Users-From-Csv-With-Meta

Published: 2019-08-08 · Updated: 2023-02-24 · CVE-2019-14683

CVSS v3.1: 5.7 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Import users from CSV with meta plugin versions prior to 1.14.2.2

Description

The issue allows for a CSRF attack via the "wp-admin/admin-ajax.php?action=acui_delete_attachment" API endpoint. This affects the "Import users from CSV with meta" plugin for WordPress, potentially allowing unauthorized actions.

Recommendations

For versions prior to 1.14.2.2, update to version 1.14.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin-ajax.php?action=acui_delete_attachment" API endpoint to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2019-14683

Affected Products

Import-Users-From-Csv-With-Meta