CVE-2020-24148 Proof-of-Concept
CVE-2020-24148 Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 201 for WordPress via the data parameter in a moove_read_xml action Vulnerable code: /moove-actionsphp: public function moove_read_xml() { $args = array( 'data' => esc_sql( wp_unslash( $_POST['data'] ) ), 'xmlaction'