A vulnerability was found in addonspress Advanced Import Plugin up to 1.4.6 on WordPress. It has been declared as critical . This affects the function wp_remote_get of the component AJAX Handler . The manipulation of the argument demo_file results in server-side request forgery. This vulnerability is identified as CVE-2026-4328 . The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.