CVSS: 10.0 • EPSS: 2% • CPEs: 1 • EXPL: 1

28 Aug 2023 — The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version. • https://wpscan.com/vulnerability/de2cdb38-3a9f-448e-b564-a798d1e93481 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

28 Aug 2023 — The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. The Import XML and RSS Feeds plugin for WordPress is vulnerable to arbit... • https://github.com/bde574786/CVE-2023-4300 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.1 • EPSS: 46% • CPEs: 1 • EXPL: 1

13 Apr 2021 — Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. The Import XML and RSS Feeds plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 2.0.2 via the ... • https://github.com/dwisiswant0/CVE-2020-24148 • CWE-918: Server-Side Request Forgery (SSRF)