CVE-2023-4300

Summary

The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.

Affected Software

VendorProductVersion RangeStatus
UnknownImport XML and RSS Feeds0 < 2.1.4affected

Weaknesses

  • CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References