.. / CVE-2023-4521

Exploit for Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE (CVE-2023-4521)

Description:

The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.

Nuclei Template

View the template here CVE-2023-4521.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-4521.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-4521
https://wpscan.com/vulnerability/de2cdb38-3a9f-448e-b564-a798d1e93481