CVSS 3.1 Score 9.8 of 10 (high)


Published Sep 25, 2023
Updated: Nov 7, 2023


CVE-2023-4521 is a critical vulnerability affecting the Import XML and RSS Feeds WordPress plugin before version 2.1.5. It allows unauthenticated attackers to achieve remote code execution (RCE) because a web shell is present in the plugin. The plugin and its vendor were not compromised; the files were left behind after a proof-of-concept was run for a previously reported issue. To remediate this vulnerability, users should update the plugin to version 2.1.5 or higher. The vulnerability poses a high danger to organizations: it lets attackers gain unauthorized access to, and potentially control of, the affected WordPress site, leading to data breaches and other malicious activity.

