Lucene search
HistorySep 25, 2023 - 4:15 p.m.
CVE-2023-4300
cve-2023-4300
wordpress
plugin
file upload
remote code execution
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
43.5%
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.
Affected configurations
Node
mooveagencyimport_xml_and_rss_feedsRange<2.1.4wordpress
Related
wpvulndb
wpvulndb
Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload
2023-08-30 00:00:00
wpexploit
wpexploit
Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload
2023-08-30 00:00:00
cvelist
cvelist
cve
cve
CVE-2023-4300
2023-09-25 16:15:15
prion
prion
Remote code execution
2023-09-25 16:15:00
wordfence
wordfence
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
43.5%
Related for NVD:CVE-2023-4300