Lucene search

[email protected]NVD:CVE-2023-4521

HistorySep 25, 2023 - 4:15 p.m.

CVE-2023-4521

2023-09-2516:15:15

[email protected]

web.nvd.nist.gov

wordpress

plugin

web shell

rce

unauthenticated

cve-2023-4521

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.014

Percentile

86.7%

JSON

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.

Affected configurations

Nvd

Node

mooveagencyimport_xml_and_rss_feedsRange<2.1.5wordpress

VendorProductVersionCPE
mooveagencyimport_xml_and_rss_feeds*cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
mooveagency	import_xml_and_rss_feeds	*	cpe:2.3:a:mooveagency:import_xml_and_rss_feeds::::::wordpress::*

References

wpscan.com/vulnerability/de2cdb38-3a9f-448e-b564-a798d1e93481

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.014

Percentile

86.7%

JSON

Related for NVD:CVE-2023-4521

cve1 cvelist1 wpexploit1 nuclei1 prion1 wpvulndb1 wordfence1