Vulnerabilities > Mooveagency > Import XML AND RSS Feeds > 2.0.1

DATE CVE VULNERABILITY TITLE RISK
2023-09-25 CVE-2023-4300 Unspecified vulnerability in Mooveagency Import XML and RSS Feeds
The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.
network
low complexity
mooveagency
7.2
7.2
2023-09-25 CVE-2023-4521 Unspecified vulnerability in Mooveagency Import XML and RSS Feeds
The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE.
network
low complexity
mooveagency
critical
 9.8
9.8
2021-07-07 CVE-2020-24148 Server-Side Request Forgery (SSRF) vulnerability in Mooveagency Import XML and RSS Feeds 2.0.1
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
network
low complexity
mooveagency CWE-918
6.4
6.4