Lucene search
Enrico MarcoliniWPVDB-ID:DE2CDB38-3A9F-448E-B564-A798D1E93481HistoryAug 30, 2023 - 12:00 a.m.
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
2023-08-3000:00:00
Enrico Marcolini
wpscan.com
6
xml feeds
rss feeds
unauthenticated rce
web shell
poc
Description The plugin contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.
PoC
Related
cve
cve
CVE-2023-4521
2023-09-25 16:15:15
nvd
nvd
CVE-2023-4521
2023-09-25 16:15:15
nuclei
nuclei
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
2024-05-06 06:29:20
cvelist
cvelist
CVE-2023-4521 Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
2023-09-25 15:56:53
wpexploit
wpexploit
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
2023-08-30 00:00:00
prion
prion
Code injection
2023-09-25 16:15:00
wordfence
wordfence
AI Score
9.5
Confidence
High
EPSS
0.014
Percentile
86.7%
Related for WPVDB-ID:DE2CDB38-3A9F-448E-B564-A798D1E93481