CVE-2022-0189

🗓️ 28 Feb 2022 09:06:43Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 134 Views🌐 WEB

The WP RSS Aggregator plugin before 4.20 is vulnerable to Reflected XSS via the id parameter in wprss_fetch_items_row_action AJAX action

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2022-0189	28 Feb 202209:15	–	attackerkb
CNNVD	WordPress 跨站脚本漏洞	28 Feb 202200:00	–	cnnvd
CNVD	WordPress WP RSS Aggregator plugin cross-site scripting vulnerability	2 Mar 202200:00	–	cnvd
Cvelist	CVE-2022-0189 WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS)	28 Feb 202209:06	–	cvelist
EUVD	EUVD-2022-15393	3 Oct 202520:07	–	euvd
Nuclei	WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting	29 Jun 202605:52	–	nuclei
NVD	CVE-2022-0189	28 Feb 202209:15	–	nvd
OSV	CVE-2022-0189	28 Feb 202209:15	–	osv
Patchstack	WordPress WP RSS Aggregator plugin <= 4.19.3 - Reflected Cross-Site Scripting (XSS) vulnerability	26 Jan 202200:00	–	patchstack
Prion	Cross site scripting	28 Feb 202209:15	–	prion

NVD

Vulners

Node

wprssaggregator wp_rss_aggregatorRange<4.20wordpress

[
  {
    "product": "WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "4.20",
        "status": "affected",
        "version": "4.20",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/2659298
wpscan	www.wpscan.com/vulnerability/52a71bf1-b8bc-479e-b741-eb8fb9685014

Parameter	Position	Path	Description	CWE
id	request body	wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action	Reflected XSS via unsanitized id parameter in wprss_fetch_items_row_action	CWE-79

17 Jun 2026 04:20Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 3.16.1

EPSS0.02228

CWE-79