PT-2021-11019 · WordPress · Import Xml/Rss Feeds Plugin
Published
2021-07-07
·
Updated
2021-07-10
·
CVE-2020-24148
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Import XML and RSS Feeds plugin version 2.0.1
Description:
The issue is related to server-side request forgery (SSRF) in the Import XML and RSS Feeds plugin for WordPress. This occurs via the
data parameter in a moove read xml action.Recommendations:
For Import XML and RSS Feeds plugin version 2.0.1, consider restricting access to the
moove read xml action to minimize the risk of exploitation. Avoid using the data parameter in the affected action until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Import Xml/Rss Feeds Plugin