CVE-2024-31292 – WordPress Import XML and RSS Feeds plugin <= 2.1.5 - Arbitrary File Upload vulnerability

https://notcve.org/view.php?id=CVE-2024-31292

Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5. Carga de archivos sin restricciones con vulnerabilidad de tipo peligroso en fuentes XML y RSS de importación de Moove Agency. Este problema afecta a fuentes XML y RSS de importación: desde n/a hasta 2.1.5. The Import XML and RSS Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moove_set_featured_image() function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/import-xml-feed/wordpress-import-xml-and-rss-feeds-plugin-2-1-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •