CVE-2023-4521

Name of the Vulnerable Software and Affected Versions Import XML and RSS Feeds WordPress plugin versions prior to 2.1.5

Description The issue allows unauthenticated attackers to perform remote code execution (RCE) due to a web shell in the plugin. This web shell was introduced as a result of a proof of concept (PoC) for a previously reported issue, and the files were not deleted when the new version was released.

Recommendations For versions prior to 2.1.5, update to version 2.1.5 or later to resolve the issue. As a temporary workaround, consider disabling the plugin until a patch is applied. Restrict access to the plugin's functionality to minimize the risk of exploitation.