CVE-2018-16257 (wp_all_import)

There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template.
Source: NIST
CVE-2018-16257 (wp_all_import)