1. Home
  2. CVE Database
  3. CVE-2023-4300
HIGH · 7.2

CVE-2023-4300

The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.

Vulnerability Description

The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
MooveagencyImport Xml And Rss Feeds< 2.1.4

References

FAQ

What is CVE-2023-4300?

CVE-2023-4300 is a vulnerability with a CVSS score of 7.2 (HIGH). The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.

How severe is CVE-2023-4300?

CVE-2023-4300 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-4300?

Check the references section above for vendor advisories and patch information. Affected products include: Mooveagency Import Xml And Rss Feeds.