The wp-all-import plugin before 3.4.7 for WordPress has XSS.Referenceshttps://wordpress.org/plugins/wp-all-import/#developers
