5 matches found
CVE-2026-57940
CVE-2026-57940 affects HTMLy 3.1.1 and describes an SSRF in the RSS feed import. The vulnerable code path is get_feed() in system/admin/admin.php, which passes user-supplied feed_url directly to file_get_contents() without validation. An authenticated admin can exploit this by supplying a crafted...
CVE-2026-57940
HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly to file_get_contents() without any validation. An authenticated attacker with administrative privileges can...
PT-2024-37752 · WordPress · The Rss Aggregator
Name of the Vulnerable Software and Affected Versions: The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress versions up to, and including, 4.23.11. Description: The issue allows authenticated attackers with Subscriber-level access and above to modify dat...
Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)
The extension fails to properly encode user input for output in HTML context...
Dotclear 2.9.1 SSRF / XSPA
Dotclear 2.9.1 SSRF/XSPA Vulnerability + Software: https://dotclear.org/ + Author: Wiswat Aswamenakul + Affected version: only tested on 2.9.1 previous version might be affected + Platform: tested on Ubuntu 14.04, PHP 5.5.9 + Description Dotclear has a feature to import blog content through RSS...