CVE-2020-24148
Published 2021-07-07
Priority: P2 · 64 · critical · 9.1 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EXPLOIT
EPSS: 14.74% (96.3rd percentile)
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mooveagency | import_xml_and_rss_feeds | — | — |
Detection & IOCs (extracted from sources)
- Detect SSRF exploitation attempts by monitoring POST requests to /wp-admin/admin-ajax.php with the query parameter action=moove_read_xml and a body containing type=url and an external or internal URL in the data parameter.
- Presence of the plugin can be fingerprinted by probing /wp-content/plugins/import-xml-feed/readme.txt and checking the response body for the string 'Import XML feed'.
- Shodan query 'http.html:"import-xml-feed"' and FOFA query 'body="import-xml-feed"' can be used to identify internet-exposed WordPress instances running the vulnerable plugin.
- The SSRF is triggered via the 'data' parameter in a moove_read_xml action; monitor for outbound HTTP requests originating from the web server process following such POST requests.
- The exploit requires no authentication (PR:N): any unauthenticated HTTP client can trigger the SSRF via the admin-ajax.php endpoint without a valid WordPress session.
- The vulnerability is confirmed only in plugin version 2.0.1 and below; version 2.0.2 or higher is patched.
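The first and fourth detection points above, turned into a log-side check. This is an added example, not code from the page's sources or from the plugin; it assumes a simplified tab-separated request record ("METHOD, PATH?QUERY, BODY") and classifies the URL in the data parameter as an internal or external target.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"

def _params(query, body):
    """Merge URL-query and form-body parameters; WordPress accepts 'action' from either."""
    merged = {}
    for raw in (query, body):
        for key, vals in parse_qs(raw, keep_blank_values=True).items():
            merged[key] = vals[-1]
    return merged

def target_class(url):
    """'internal' for loopback, RFC 1918 or link-local targets, otherwise 'external'."""
    host = urlsplit(url).hostname or ""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # a DNS name; names are not resolved by this log-side check
        return "internal" if host == "localhost" else "external"
    return "internal" if addr.is_loopback or addr.is_private or addr.is_link_local else "external"

def check_request(method, path, query, body):
    """Return a finding for a suspected moove_read_xml SSRF attempt, or None if benign."""
    if method.upper() != "POST" or path != AJAX_PATH:
        return None
    p = _params(query, body)
    data = p.get("data", "")
    if p.get("action") != "moove_read_xml" or p.get("type") != "url" or not urlsplit(data).scheme:
        return None
    return {"action": "moove_read_xml", "target": data, "class": target_class(data)}

# Constructed sample records, "METHOD<TAB>PATH?QUERY<TAB>BODY"; not real traffic.
SAMPLE_LOG = [
    "POST\t/wp-admin/admin-ajax.php?action=moove_read_xml\ttype=url&data=http%3A%2F%2F127.0.0.1%3A8080%2Fstatus",
    "POST\t/wp-admin/admin-ajax.php\taction=moove_read_xml&type=url&data=https%3A%2F%2Fexample.com%2Ffeed.xml",
    "GET\t/wp-admin/admin-ajax.php?action=moove_read_xml&type=url&data=http%3A%2F%2F10.0.0.5%2F\t",
    "POST\t/wp-admin/admin-ajax.php\taction=heartbeat&data=ping",
]

def scan_log(lines):
    """Apply check_request to each record and collect the findings in order."""
    findings = []
    for line in lines:
        method, url, body = line.split("\t", 2)
        parts = urlsplit(url)
        hit = check_request(method, parts.path, parts.query, body)
        if hit:
            findings.append(hit)
    return findings
```

Findings with class "internal" are the ones to correlate with the outbound-request monitoring the fourth point describes; "external" hits still indicate probing of the endpoint.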
CVSS provenance
- NVD v3.1: 9.1 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
- NVD v2.0: 6.4 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:P
No detection rules found.
Nuclei
CVE-2020-24148 [CRITICAL] Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery (nuclei · CVSS 9.1)
WordPress plugin Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 contains a server-side request forgery (SSRF) vulnerability via the data parameter in a moove_read_xml action.
Template:
```yaml
id: CVE-2020-24148
info:
  name: Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery
  author: dwisiswant0
  severity: critical
  description: WordPress plugin Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 contains a server-side request forgery (SSRF) vulnerability via the data parameter in a moove_read_xml action.
  impact: |
    Unauthenticated attackers can perform server-side request forgery to access internal resources, scan internal networks, or retrieve sensitive data from internal systems.
```
No writeups or analysis indexed.