Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload
CVE-2023-4300

7.2HIGH

Key Information:

Vendor
Wordpress
Vendor
CVE Published:
25 September 2023

Summary

The Import XML and RSS Feeds plugin for WordPress before version 2.1.4 is susceptible to a vulnerability that allows an attacker to upload files without proper extension filtering. This flaw could enable the execution of malicious PHP code, resulting in unauthorized control over the affected WordPress site. Site administrators are urged to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Import XML and RSS Feeds 0 < 2.1.4

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jonatas Souza Villa Flor
WPScan
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.