Vulnerability in Import Xml And Rss Feeds

CVE-2023-4521

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously report…

EPSS: 0.926 (99.8th percentile)

Affected products

  • Unknown Import Xml And Rss Feeds — versions 2.1.4

Frequently asked questions

What is CVE-2023-4521?
CVE-2023-4521 is a vulnerability in Import Xml And Rss Feeds, classified under CWE-94: Improper Control of Generation of Code ('Code Injection'). Published 2023-09-25.
Is CVE-2023-4521 known to be exploited?
One public proof-of-concept repository is indexed. The CVE is not currently listed in the CISA KEV catalog.