https://www.bleepingcomputer.com/news/security/magento-plugin-magmi-vulnerable-to-hijacking-admin-sessions/

A cross-site request forgery (CSRF) vulnerability continues to be present in the Magmi plugin for Magento online stores, despite developers receiving a report from researchers that discovered it.

Hackers can use the flaw to execute arbitrary code on servers running Magmi (Magento Mass Importer) by tricking authenticated administrators into clicking a malicious link.