The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.Referenceshttps://wordpress.org/plugins/import-users-from-csv-with-meta/#developershttps://wpvulndb.com/vulnerabilities/9176
