Lucene search
+L

4 matches found

patchstack
patchstack
added 2023/09/26 12:0 a.m.15 views

WordPress Import XML and RSS Feeds Plugin < 2.1.5 is vulnerable to Remote Code Execution (RCE)

Software Import XML and RSS Feeds Type Plugin Vulnerable versions 2.1.5 Fixed in 2.1.5 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-4521 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 84e300ce2ae3 Credits Enrico Marcolini Required...

9.8CVSS7.6AI score0.39294EPSS
Exploits2References4Affected Software1
nvd
nvd
added 2023/09/25 4:15 p.m.34 views

CVE-2023-4521

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...

9.8CVSS9.6AI score0.39294EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2023/09/25 3:56 p.m.6 views

CVE-2023-4521 Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue...

9.6AI score0.39294EPSS
Exploits2References1
cve
cve
added 2023/09/25 3:56 p.m.111 views

CVE-2023-4521

The CVE-2023-4521 entry concerns the Import XML and RSS Feeds WordPress plugin. Affected versions prior to 2.1.5 allow unauthenticated RCE via a web shell; the vulnerability arises from PoC files being left behind and not deleted when releasing version 2.1.5. The plugin/vendor themselves were not...

9.8CVSS9.6AI score0.39294EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder