There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template.
Published April 12, 2019.
Soflyy WP All Import
