CVE-2026-8976 RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVE-2026-8976 RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVE-2026-8976

The CVE-2026-8976 entry concerns the WordPress plugin RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator . It states a vulnerability in all versions up to and including 5.1.7: an authorization bypass where the plugin does not properly verify a user’s perm...

WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Feedzy versions = 5.1.7...

EUVD-2024-22744

Malicious code in bioql PyPI...

CVE-2024-25413

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file...

Magento ver. 2.4.6 - XSLT Server Side Injection

Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: Magento 2.4.6-p3 Version: 2.4.6 Tested on: 2.4.6 POC 1. Enter with admin credentials to this URL:...

CVE-2024-25413

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file...

CVE-2024-25413

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file...

Design/Logic Flaw

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file...

CVE-2024-25413

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file...

Adobe Commerce Security Breach

Adobe Commerce is a leading global digital commerce solution for merchants and brands from Adobe. A security vulnerability exists in Adobe Commerce that stems from an XSLT server injection vulnerability in the Import Jobs function of the FireBear Improved Import And Export plugin...

PT-2024-20928 · Unknown · Firebear Improved Import/Export

Name of the Vulnerable Software and Affected Versions: FireBear Improved Import And Export version 3.8.6 Description: A XSLT Server Side injection vulnerability in the Import Jobs function allows attackers to execute arbitrary commands via a crafted XSLT file. The vulnerability can be exploited b...

Magento 2.4.6 XSLT Server Side Injection Vulnerability

Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: Magento 2.4.6-p3 Version: 2.4.6 Tested on: 2.4.6 POC 1. Enter with admin credentials to this URL: https://magento2demo.firebearstudio.com...