China National Vulnerability Database (cnvd): CNVD-2022-66600
History: Mar 02, 2022 - 12:00 a.m.

WordPress WP RSS Aggregator plugin cross-site scripting vulnerability

2022-03-02 00:00:00
China National Vulnerability Database
www.cnvd.org.cn

EPSS: 0.001 (Low)
Percentile: 41.6%

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blogging sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of the WordPress WP RSS Aggregator plugin prior to 4.20. It stems from the plugin's failure to sanitize and escape the id parameter of the wprss_fetch_items_row_action AJAX action before outputting it back in the response. An attacker can use this vulnerability to cause reflected cross-site scripting.
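The pattern described above, as an added example that is not the plugin's code: a hypothetical handler that reflects a request's id into HTML unchanged, beside a version that validates the id as an integer and escapes it on output. The function names, markup and sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical handlers, NOT taken from WP RSS Aggregator. Plain PHP is used
// so the file runs without WordPress; in a plugin, absint() and
// esc_attr()/esc_html() are the usual helpers for the same two steps.

/** Vulnerable pattern: the request's id is copied into the response as-is. */
function render_row_action_vulnerable(array $request): string
{
    $id = $request['id'] ?? '';
    return '<span class="row-status" data-feed="' . $id . '">Fetching feed ' . $id . '</span>';
}

/** Hardened pattern: validate on input, escape on output. Null means "reject". */
function render_row_action_hardened(array $request): ?string
{
    // Validation: a feed/post id is a positive integer and nothing else.
    $id = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        return null; // caller sends an error that echoes nothing from the request
    }
    // Escaping: kept even though $id is an int, so the output stays safe if
    // the validation above is ever loosened.
    $safe = htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<span class="row-status" data-feed="' . $safe . '">Fetching feed ' . $safe . '</span>';
}

// Constructed sample requests (benign markup stands in for attacker input).
$samples = [
    'numeric id'   => ['id' => '42'],
    'markup in id' => ['id' => '"><b>injected</b>'],
    'missing id'   => [],
];

foreach ($samples as $label => $request) {
    printf(
        "%s\n  vulnerable: %s\n  hardened:   %s\n",
        $label,
        render_row_action_vulnerable($request),
        render_row_action_hardened($request) ?? '(rejected)'
    );
}
```

For the second sample the vulnerable handler lets the value close the attribute and add its own element, while the hardened handler rejects the request before any output is built.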