44 matches found

Nuclei
added 16 hours ago | 115 views

Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.

id: CVE-2023-4521
info:
  name: Import XML and RSS Feeds 2.1.5 - Unauthenticated RCE
  author: princechaddha
  severity: critical
  description: The Import XML and RS...

9.8 CVSS | 7.6 AI score | 0.39554 EPSS
Exploits 2 | References 1
RedhatCVE
added 2026/01/09 12:32 p.m. | 5 views

CVE-2023-4521

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...

9.8 CVSS | 6.9 AI score | 0.39554 EPSS
Exploits 2 | References 1
RedhatCVE
added 2026/01/09 10:11 a.m. | 7 views

CVE-2019-11519

Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations - Languages - Edit Language - Import Resources - Upload XML file" screen...

4.9 CVSS | 7 AI score | 0.01214 EPSS
Exploits 1 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-1829

Malware in sbrugna...

7.8 CVSS | 7.6 AI score | 0.01391 EPSS
Exploits 1 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-29188

Malicious code in bioql PyPI...

7.2 CVSS | 8.8 AI score | 0.00603 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 4:14 p.m. | 9 views

CVE-2020-24148

Server-side request forgery (SSRF) in the Import XML and RSS Feeds import-xml-feed plugin 2.0.1 for WordPress via the data parameter in a moovereadxml action...

9.1 CVSS | 7 AI score | 0.14745 EPSS
Exploits 1
RedhatCVE
added 2025/02/05 12:28 a.m. | 4 views

CVE-2024-31292

Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds. This issue affects Import XML and RSS Feeds: from n/a through 2.1.5...

7.2 CVSS | 8.6 AI score | 0.00603 EPSS
Exploits 0 | References 1
NVD
added 2024/06/12 9:15 p.m. | 25 views

CVE-2024-3467

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker...

7.8 CVSS | 0.00188 EPSS
Exploits 0 | References 1
CVE
added 2024/06/12 9:4 p.m. | 79 views

CVE-2024-3467

Vulnerability summary (CVE-2024-3467): AVEVA PI Asset Framework Client is affected. The issue is described as Deserialization of Untrusted Data (CWE-502) in the PI System Explorer workflow, which could allow malicious code to execute under the privileges of an interactive user when XML data is s...

7.8 CVSS | 7.7 AI score | 0.00188 EPSS
Exploits 0 | References 1 | Affected Software 1
ATTACKERKB
added 2024/05/03 2:15 a.m. | 11 views

CVE-2023-32172

Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The...

6.5 CVSS | 5.8 AI score | 0.01374 EPSS
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2024/04/07 5:29 p.m. | 17 views

CVE-2024-31292 WordPress Import XML and RSS Feeds plugin <= 2.1.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds. This issue affects Import XML and RSS Feeds: from n/a through 2.1.5...

7.2 CVSS | 8.6 AI score | 0.00603 EPSS
Exploits 0 | References 1
Cvelist
added 2024/04/07 5:29 p.m. | 13 views

CVE-2024-31292 WordPress Import XML and RSS Feeds plugin <= 2.1.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds. This issue affects Import XML and RSS Feeds: from n/a through 2.1.5...

7.2 CVSS | 7.2 AI score | 0.00603 EPSS
Exploits 0 | References 1
Patchstack
added 2024/04/05 10:17 a.m. | 4 views

WordPress Import XML and RSS Feeds plugin <= 2.1.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin Import XML and RSS Feeds (versions <= 2.1.5)...

7.2 CVSS | 7.1 AI score | 0.00603 EPSS
Exploits 0 | Affected Software 1
Patchstack
added 2024/04/05 12:0 a.m. | 6 views

WordPress Import XML and RSS Feeds Plugin <= 2.1.5 is vulnerable to Arbitrary File Upload

Software: Import XML and RSS Feeds
Type: Plugin
Vulnerable versions: <= 2.1.5
Fixed in: 2.1.6
OWASP Top 10: A3: Injection
Classification: Arbitrary File Upload
CVE: CVE-2024-31292
Patch priority: Low
CVSS severity: Low 7.2
Developer: Claim ownership
PSID: 620da896a6c9
Credits: stealthcopter
Required privilege...

7.2 CVSS | 6.8 AI score | 0.00603 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2023/09/26 12:0 a.m. | 12 views

WordPress Import XML and RSS Feeds Plugin < 2.1.4 is vulnerable to Arbitrary File Upload

Software: Import XML and RSS Feeds
Type: Plugin
Vulnerable versions: < 2.1.4
Fixed in: 2.1.4
OWASP Top 10: A1: Injection
Classification: Arbitrary File Upload
CVE: CVE-2023-4300
Patch priority: Low
CVSS severity: Low 9.1
Developer: Claim ownership
PSID: c89e25140dca
Credits: Jonatas Souza Villa Flor
Required...

7.2 CVSS | 7.2 AI score | 0.01698 EPSS
Exploits 2 | References 4 | Affected Software 1
OSV
added 2023/09/25 4:15 p.m. | 2 views

CVE-2023-4521

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...

9.8 CVSS | 7.3 AI score | 0.39554 EPSS
Exploits 2 | References 1
Prion
added 2023/09/25 4:15 p.m. | 18 views

Remote code execution

The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution...

5.8 CVSS | 7.3 AI score | 0.01698 EPSS
Exploits 2 | References 1 | Affected Software 1
Prion
added 2023/09/25 4:15 p.m. | 18 views

Code injection

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...

7.5 CVSS | 9.5 AI score | 0.39554 EPSS
Exploits 2 | References 1 | Affected Software 1
CVE
added 2023/09/25 3:56 p.m. | 105 views

CVE-2023-4521

The CVE-2023-4521 entry concerns the Import XML and RSS Feeds WordPress plugin. Affected versions prior to 2.1.5 allow unauthenticated RCE via a web shell; the vulnerability arises from PoC files being left behind and not deleted when releasing version 2.1.5. The plugin/vendor themselves were not...

9.8 CVSS | 9.6 AI score | 0.39554 EPSS
Exploits 2 | References 1 | Affected Software 1
Cvelist
added 2023/09/25 3:56 p.m. | 22 views

CVE-2023-4521 Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...

9.8 AI score | 0.39554 EPSS
Exploits 2 | References 1