mooveagency CVE Vulnerabilities & Metrics

Focus on mooveagency vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About mooveagency Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with mooveagency. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total mooveagency CVEs: 11
Earliest CVE date: 14 May 2021, 12:15 UTC
Latest CVE date: 16 Mar 2025, 06:15 UTC

Latest CVE reference: CVE-2025-1624

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 6

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 200.0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 200.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical mooveagency CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.36

Max CVSS: 6.4

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	8
4.0-6.9	3
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS mooveagency CVEs

These are the five CVEs with the highest CVSS scores for mooveagency, sorted by severity first and recency.

CVE-2020-24148 mooveagency Published on 07 Jul 2021, 14:15 UTC (CVSS: 6.4)
Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
CVE-2021-24287 mooveagency Published on 14 May 2021, 12:15 UTC (CVSS: 4.3)
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
CVE-2021-24286 mooveagency Published on 14 May 2021, 12:15 UTC (CVSS: 4.3)
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
CVE-2025-1624 mooveagency Published on 16 Mar 2025, 06:15 UTC (CVSS: 0)
The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2025-1623 mooveagency Published on 16 Mar 2025, 06:15 UTC (CVSS: 0)
The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

All CVEs for mooveagency

CVE-2025-1624 mooveagency vulnerability CVSS: 0 16 Mar 2025, 06:15 UTC

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2025-1623 mooveagency vulnerability CVSS: 0 16 Mar 2025, 06:15 UTC

CVE-2025-1622 mooveagency vulnerability CVSS: 0 16 Mar 2025, 06:15 UTC

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2025-1621 mooveagency vulnerability CVSS: 0 16 Mar 2025, 06:15 UTC

CVE-2025-1620 mooveagency vulnerability CVSS: 0 16 Mar 2025, 06:15 UTC

CVE-2025-1619 mooveagency vulnerability CVSS: 0 16 Mar 2025, 06:15 UTC

CVE-2023-4521 mooveagency vulnerability CVSS: 0 25 Sep 2023, 16:15 UTC

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.

CVE-2023-4300 mooveagency vulnerability CVSS: 0 25 Sep 2023, 16:15 UTC

The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.

CVE-2020-24148 mooveagency vulnerability CVSS: 6.4 07 Jul 2021, 14:15 UTC

Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.

CVE-2021-24287 mooveagency vulnerability CVSS: 4.3 14 May 2021, 12:15 UTC

The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue

CVE-2021-24286 mooveagency vulnerability CVSS: 4.3 14 May 2021, 12:15 UTC

The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue