Lucene search
+L

4 matches found

patchstack
patchstack
added 2023/09/26 12:0 a.m.15 views

WordPress Import XML and RSS Feeds Plugin < 2.1.4 is vulnerable to Arbitrary File Upload

Software Import XML and RSS Feeds Type Plugin Vulnerable versions 2.1.4 Fixed in 2.1.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-4300 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID c89e25140dca Credits Jonatas Souza Villa Flor Required...

7.2CVSS7.2AI score0.01698EPSS
Exploits2References4Affected Software1
nvd
nvd
added 2023/09/25 4:15 p.m.27 views

CVE-2023-4300

The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution...

7.2CVSS7.3AI score0.01698EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2023/09/25 3:56 p.m.9 views

CVE-2023-4300 Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload

The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution...

7.6AI score0.01698EPSS
Exploits2References1
cve
cve
added 2023/09/25 3:56 p.m.81 views

CVE-2023-4300

The CVE-2023-4300 entry concerns the WordPress plugin Import XML and RSS Feeds, prior to version 2.1.4. The root cause is failure to filter file extensions for uploaded files, enabling an attacker to upload a PHP file and achieve Remote Code Execution. Public details across sources confirm the af...

7.2CVSS7.4AI score0.01698EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder