Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload
CVE-2023-4300
7.2HIGH
Summary
The Import XML and RSS Feeds plugin for WordPress before version 2.1.4 is susceptible to a vulnerability that allows an attacker to upload files without proper extension filtering. This flaw could enable the execution of malicious PHP code, resulting in unauthorized control over the affected WordPress site. Site administrators are urged to upgrade to the latest version to mitigate this risk.
Affected Version(s)
Import XML and RSS Feeds 0 < 2.1.4
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jonatas Souza Villa Flor
WPScan