Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an malicious user to activate any installed plugin.
accesspressthemes access demo importer