Mooveagency Import Xml And Rss Feeds vulnerabilities
3 known vulnerabilities affecting mooveagency/import_xml_and_rss_feeds.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2023-4521P1CRITICALCVSS 9.8PoCfixed in 2.1.52023-09-25
CVE-2023-4521 [CRITICAL] CWE-94 CVE-2023-4521: The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenti
The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created fil
nvd
CVE-2020-24148P2CRITICALCVSS 9.1PoCv2.0.12021-07-07
CVE-2020-24148 [CRITICAL] CWE-918 CVE-2020-24148: Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 fo
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
nvd
CVE-2023-4300P3HIGHCVSS 7.2fixed in 2.1.42023-09-25
CVE-2023-4300 [HIGH] CWE-94 CVE-2023-4300: The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploa
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.
nvd