6 matches found
CVE-2024-1317
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘searchkey’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-1317
creationtimestamp| type| source ---|---|--- 2024-03-03 10:16:44+00:00| seen| https://t.me/ctinow/198647...
CVE-2024-1317 RSS Aggregator by Feedzy <= 4.4.2 - Authenticated(Contributor+) SQL Injection
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘searchkey’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-1317
The CVE-2024-1317 vulnerability affects the WordPress plugin RSS Aggregator by Feedzy (slug feedzy-rss-feeds). A SQL Injection exists in the search_key parameter for versions up to 4.4.2 due to insufficient escaping and improper use of prepare in a LIKE clause, allowing authenticated attackers wi...
SQL Injection Vulnerability Patched in RSS Aggregator by Feedzy WordPress Plugin
🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 1st, 2024, during our second Bug Bounty...
WordPress RSS Aggregator by Feedzy Plugin <= 4.4.2 is vulnerable to SQL Injection
Software RSS Aggregator by Feedzy Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.4.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1317 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a5aca4f5509d Credits Lucio Sá Required privilege Contributor...