Описание
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.4 (исключая)
cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 93%
0.11127
Средний
7.2 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 7.2
github
больше 2 лет назад
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.
EPSS
Процентиль: 93%
0.11127
Средний
7.2 High
CVSS3