4 matches found
WordPress Import XML and RSS Feeds Plugin < 2.1.5 is vulnerable to Remote Code Execution (RCE)
Software Import XML and RSS Feeds Type Plugin Vulnerable versions 2.1.5 Fixed in 2.1.5 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4521 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 84e300ce2ae3 Credits Enrico Marcolini Required...
CVE-2023-4521
The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...
CVE-2023-4521 Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...
CVE-2023-4521
The CVE-2023-4521 entry concerns the Import XML and RSS Feeds WordPress plugin. Affected versions prior to 2.1.5 allow unauthenticated RCE via a web shell; the vulnerability arises from PoC files being left behind and not deleted when releasing version 2.1.5. The plugin/vendor themselves were not...