4 matches found
WordPress Import XML and RSS Feeds Plugin < 2.1.4 is vulnerable to Arbitrary File Upload
Software Import XML and RSS Feeds Type Plugin Vulnerable versions 2.1.4 Fixed in 2.1.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-4300 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID c89e25140dca Credits Jonatas Souza Villa Flor Required...
CVE-2023-4300
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution...
CVE-2023-4300 Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution...
CVE-2023-4300
The CVE-2023-4300 entry concerns the WordPress plugin Import XML and RSS Feeds, prior to version 2.1.4. The root cause is failure to filter file extensions for uploaded files, enabling an attacker to upload a PHP file and achieve Remote Code Execution. Public details across sources confirm the af...