This vulnerability is a Cross‑Site Request Forgery flaw that allows an attacker to induce a logged‑in user with import privileges to perform import operations in the Import into Easy Property Listings plugin. The application does not validate a CSRF token or similar mechanism before executing state‑changing import requests, which is reflected in the CWE‑352 classification. The result is that an attacker may cause the plugin to process XML or CSV data they control, potentially leading to data corruption or unauthorized actions within the WordPress site.

The weakness exists in the Merv Barrett Import into Easy Property Listings plugin from its earliest releases up to and including version 2.2.1. Users who have installed any build 2.2.1 or older are exposed to this flaw.

The CVSS score of 4.3 indicates that the vulnerability is considered to have a low overall severity, and the EPSS score of less than 1% indicates a very low likelihood of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog, which suggests that no widespread exploitation has been reported. Based on the description and typical CSRF attack patterns, it is inferred that an attacker must entice a privileged user to visit a crafted URL or submit a malicious form that targets the import endpoint, thereby executing unintended import actions on behalf of that user.