Cyber Resilience

CVE-2023-4521

Critical · Public PoC

Published: 25 September 2023
Modified: 23 April 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9261 (99.8th percentile)
Risk Priority: 75 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-4521 is a critical-severity vulnerability of unspecified weakness type (no CWE listed) in the Mooveagency Import XML and RSS Feeds WordPress plugin. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The Import XML and RSS Feeds WordPress plugin before version 2.1.5 contains a web shell that was inadvertently left in the released package. The files originated from a proof-of-concept run against a prior reported issue and were not removed before the new version was published; the vendor itself was not compromised. This results in a critical vulnerability rated 9.8 on CVSS 3.1, affecting any site running an unpatched copy of the plugin.

Unauthenticated attackers with network access can directly invoke the web shell to execute arbitrary code on the underlying server, achieving full remote code execution with impacts to confidentiality, integrity, and availability. No authentication, user interaction, or special conditions are required.

The referenced WPScan advisory confirms the root cause as residual PoC artifacts and states that sites should update to version 2.1.5 or later to remove the web shell. Administrators are advised to inspect deployed instances for unexpected files matching the PoC output and to verify plugin integrity after upgrading.

The CVE carries a high exploitation probability with an EPSS score of 0.9261 (peak 0.9273), indicating substantial real-world interest following disclosure.

Vulnerability details

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: mooveagency
Product: import xml and rss feeds
Versions: ≤ 2.1.5

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References