The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.CreditsHoang PhuongWPScanReferenceshttps://wpscan.com/vulnerability/ed6f00de-bbae-4e89-9d0e-ded0d70e781c/
