PT-2026-8400

Name of the Vulnerable Software and Affected Versions RSS Aggregator plugin for WordPress versions up to and including 5.0.10 Description The RSS Aggregator plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...

CVE-2025-14745

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...

CVE-2025-14745 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...

CVE-2025-14375

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...

CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...

CVE-2025-14375

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...

EUVD-2023-2071

Malicious code in bioql PyPI...

WordPress plugin RSS Aggregator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-0628

CVE-2024-0628 affects the WordPress WP RSS Aggregator plugin. The vulnerability is a Server-Side Request Forgery (SSRF) in all versions up to and including 4.23.5, exploitable by authenticated attackers with administrator-level access to issue web requests from the application (via the RSS feed s...

GHSA-8GC7-WHPH-RX5Q Jenkins Test Results Aggregator Plugin vulnerable to Cross Site Request Forgery

Jenkins Test Results Aggregator Plugin 1.2.13 and earlier does not perform a permission check in an HTTP endpoint implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. Additionally,...

CVE-2023-37955

A cross-site request forgery CSRF vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2023-37956

A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2023-37956

CVE-2023-37956 affects the Jenkins Test Results Aggregator Plugin,

CVE-2023-37955

CVE-2023-37955 affects Jenkins Test Results Aggregator Plugin (versions 1.2.13 and earlier). The vulnerability is a CSRF flaw in an HTTP endpoint that allows an attacker with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, and the endpoint doe...

CVE-2023-37955

A cross-site request forgery CSRF vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

CVE-2023-37955

A cross-site request forgery CSRF vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

Jenkins Plugin Test Results Aggregator 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin Test Resul...