CVE-2026-3629

Import and export users and customers

The Import and export users and customers WordPress plugin is vulnerable to privilege escalation, enabling attackers to gain unauthorized administrative rights.

Executive summary

The Import and export users and customers plugin for WordPress contains a high-severity privilege escalation flaw that allows attackers to elevate their access to administrative levels.

Vulnerability

This plugin is vulnerable to privilege escalation. An authenticated attacker can exploit flaws in the plugin's user management logic to grant themselves administrative privileges, bypassing intended security restrictions.

Business impact

The impact is a total loss of control over the WordPress site. An attacker gaining administrative access can perform any action, including data exfiltration, site defacement, and the creation of backdoor accounts. The CVSS score of 8.1 indicates a high risk to the organization's digital assets.

Remediation

Immediate Action: Update the plugin to the latest version without delay. If no fixed version is available, uninstall the plugin until a patch is released.

Proactive Monitoring: Check for any newly created administrator accounts and review the site's user list for discrepancies.

Compensating Controls: Restrict access to user import/export functions to only the most trusted administrators and use file integrity monitoring to detect unauthorized changes.
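The monitoring and compensating-control steps above can be partly automated from inside WordPress itself. The following must-use plugin is an added example written for this advisory; it is not code from the Import and export users and customers plugin or from its authors. It hooks the core `set_user_role` and `add_user_role` actions so that any grant of the administrator role, by whatever code path, is written to the error log and emailed to the site owner, and it provides a helper that lists current administrators newest-first for the user-list review. The function names prefixed `example_` are assumptions; the WordPress hooks and API calls are core functions.

```php
<?php
/**
 * Plugin Name: Admin Role Grant Monitor (example code added for this advisory)
 * Description: Logs and emails whenever a user is granted the administrator role,
 *              and lists current administrators ordered by registration date.
 *
 * Install by copying this file into wp-content/mu-plugins/. Must-use plugins load
 * before ordinary plugins and cannot be deactivated from the dashboard, so a
 * compromised admin account cannot simply switch the monitor off.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // never run outside WordPress
}

/**
 * Record any grant of the administrator role, regardless of which plugin performed it.
 *
 * Core fires 'set_user_role' from WP_User::set_role() (3 args) and 'add_user_role'
 * from WP_User::add_role() (2 args); user-management and import code goes through these.
 */
function example_alert_on_admin_grant( $user_id, $role, $old_roles = array() ) {
    // Only react when administrator is newly granted, not on unrelated role changes.
    if ( 'administrator' !== $role || in_array( 'administrator', (array) $old_roles, true ) ) {
        return;
    }

    $user  = get_userdata( $user_id );
    $actor = wp_get_current_user(); // empty user for cron/WP-CLI contexts
    $line  = sprintf(
        '[admin-grant] user=%s (ID %d) granted administrator by actor=%s (ID %d) ip=%s uri=%s',
        $user ? $user->user_login : 'unknown',
        (int) $user_id,
        $actor->exists() ? $actor->user_login : 'none (cron/cli)',
        (int) $actor->ID,
        isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : 'n/a',
        isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : 'n/a'
    );

    // Goes to the PHP/web-server error log, where a SIEM or log shipper can pick it up.
    error_log( $line );
    // Out-of-band notice to the site owner address configured in Settings > General.
    wp_mail( get_option( 'admin_email' ), 'Administrator role granted on ' . home_url(), $line );
}
add_action( 'set_user_role', 'example_alert_on_admin_grant', 10, 3 );
add_action( 'add_user_role', 'example_alert_on_admin_grant', 10, 2 );

/**
 * Return current administrators, newest registration first, for the periodic
 * "review the site's user list" check. From WP-CLI:
 *   wp eval 'print_r( example_list_admins() );'
 */
function example_list_admins() {
    $admins = get_users( array(
        'role'    => 'administrator',
        'orderby' => 'registered',
        'order'   => 'DESC',
        'fields'  => array( 'ID', 'user_login', 'user_email', 'user_registered' ),
    ) );

    $rows = array();
    foreach ( $admins as $a ) {
        $rows[] = array(
            'ID'         => (int) $a->ID,
            'login'      => $a->user_login,
            'email'      => $a->user_email,
            'registered' => $a->user_registered, // compare against the last known-good review date
        );
    }
    return $rows;
}
```

The hook-based alert covers the "newly created administrator accounts" check continuously rather than only when someone remembers to look, and because it fires on the role grant itself it also catches an existing low-privilege account being promoted, which a simple count of new users would miss. Pair it with the file integrity monitoring mentioned above so that tampering with the mu-plugins directory is itself visible.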

Exploitation status

Public Exploit Available: false

Analyst recommendation

The ability for an attacker to escalate privileges is a critical security failure. Administrators must apply the update immediately or remove the plugin to mitigate the risk of a full site compromise.