CVE-2023-4521
CVE-2023-4521 is a critical-severity vulnerability in Mooveagency Import Xml And Rss Feeds with a CVSS 3.x base score of 9.8. Its EPSS exploit-prediction score of 39% places it in the 98th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: Critical (CVSS 3.x base score 9.8)
- EPSS exploit prediction: 39% (98th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Mooveagency Import Xml And Rss Feeds
- Published:
- Last modified:
Description
The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.
Frequently asked questions
- What is CVE-2023-4521?
- The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.
- How severe is CVE-2023-4521?
- CVE-2023-4521 has a CVSS 3.x base score of 9.8, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2023-4521 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 39% (98th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-4521?
- CVE-2023-4521 affects Mooveagency Import Xml And Rss Feeds. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2023-4521?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2023-4521 published?
- CVE-2023-4521 was published on 2023-09-25 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:wordpress:*:*
More vulnerabilities in Mooveagency Import Xml And Rss Feeds
- CVE-2020-24148 — Critical (CVSS 9.1): Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the…
- CVE-2023-4300 — High (CVSS 7.2): The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing…