CVE-2023-4521

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 25, 2023

Updated: Nov 7, 2023

CWE ID 942

CWE ID 697

Summary

CVE-2023-4521 is a newly disclosed vulnerability affecting the Import XML and RSS Feeds plugin before version 2.1.5 for WordPress. The issue permits unauthenticated attackers to execute remote code (RCE) on affected installations due to the presence of a web shell. This vulnerability did not result from a compromise of the plugin or its vendor. Instead, it stems from a proof-of-concept (PoC) demonstrating a previously reported issue that was not fully resolved when the new plugin version was released.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Westermo Teleindustri AB

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s_GFMv
https://www.cve.org/CVERecord?id=CVE-2023-4521
https://nvd.nist.gov/vuln/detail/CVE-2023-4521

Back to Vulnerability Database

CVE-2023-4521

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations