Description
WordPress Plugin Import XML and RSS Feeds is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Import XML and RSS Feeds version 2.0.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.3 or latest
References
https://github.com/secwx/research/blob/main/cve/CVE-2020-24148.md
https://plugins.svn.wordpress.org/import-xml-feed/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Social Like Box and Page by WpDevArt Unspecified Vulnerability (0.8.39)
WordPress Plugin EventCommerce WP Event Calendar Cross-Site Scripting (1.0)
WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)
Internet Information Services Unchecked Return Value Vulnerability (CVE-2005-4360)