CVE-2025-13031

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2025-11917 WPeMatico RSS Feed Fetcher <= 2.8.11 - Authenticated (Subscriber+) Server-Side Request Forgery via wpematico_test_feed

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematicotestfeed function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

CVE-2025-49922

The CVE-2025-49922 entry concerns the WordPress WPeMatico RSS Feed Fetcher plugin (

WordPress plugin WPeMatico RSS Feed Fetcher 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-8103 WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handlefeedbacksubmission function. This makes it possible for unauthenticated attackers to deactivate the...

WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function vulnerability

Cross-Site Request Forgery to Plugin Deactivation via handlefeedbacksubmission Function vulnerability discovered by wesley wcraft in WordPress Plugin WPeMatico RSS Feed Fetcher versions = 2.8.7...