Security Advisory

CVE-2023-4300

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-25 15:56:51

Last updated 2025-04-23 16:16:07

Assigner WPScan

State PUBLISHED

Description

The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.

← Browse all CVEs View on cve.org ↗