CVE-2022-3677 Information

Description

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org and activate arbitrary ones from the blog via CSRF attacks

Reference

https://wpscan.com/vulnerability/5a7c6367-a3e6-4411-8865-2a9dbc9f1450