CVE-2023-4521
Published: 2023-09-25
Priority: P180 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: EPSS 39.55% (98.4th percentile)
The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mooveagency | import_xml_and_rss_feeds | < 2.1.5 | 2.1.5 |
Detection & IOCs (extracted from sources)
- Check for the presence of the web shell file at the known path under the plugin's uploads directory; unauthenticated GET requests to this PHP file with a `cmd` parameter indicate active exploitation.
- The vulnerability allows unauthenticated RCE via a pre-existing web shell dropped in the plugin's uploads folder; no authentication is required to trigger command execution.
- Confirm plugin presence first by verifying the readme.txt returns 'Import XML and RSS Feeds' before probing for the web shell.
- The web shell was NOT introduced by a supply-chain compromise; it was left behind after running a PoC for a previously reported issue and not cleaned up before the release.
- The specific web shell filename (169227090864de013cac47b.php) is tied to this particular PoC artifact; other deployments of the same plugin version may have differently named shells if the PoC was run independently.
No detection rules found.
Nuclei
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE (nuclei · CRITICAL · CVSS 9.8)
The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.
Template:

```yaml
id: CVE-2023-4521

info:
  name: Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
  author: princechaddha
  severity: critical
  description: The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.
  impact: |
    Allows unauthenticated attackers to execute arbitrary code on the target system.
  remediation: |
    Update the Import XML and RSS Feeds WordPress Plugin to the latest version to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/de2cdb38-3a9f-448e-b564-a798d1e93481
  classification:
    cvs
```
No writeups or analysis indexed.