524 matches found
com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.3-rc.1), com.arpnetworking.metrics:mad-experimental (>=1.2.4 <=1.2.11) +66 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.7)
org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.2.4, =1.22.5, =1.13.8, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =1.17.0, =1.17.0, =1.17.0, =0.5.0, =2.7.3, =218.0.0, =14.5.0, =16.0.0 and more Source cves: CVE-2026-40490 Source advisory: OSV:GHSA-CMXV-58FP-FM3G...
EUVD-2025-208443
FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This...
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin = 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress...
EUVD-2026-10137
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...
CVE-2026-2433
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...
CVE-2026-2433
The CVE-2026-2433 entry concerns the WordPress plugin RSS Aggregator (RSS Import, News Feeds, Feed to Post, Autoblogging) up to version 5.0.11. The root cause is a DOM-based XSS via postMessage arising from admin-shell.js: a global message listener is registered without origin validation, and use...
CVE-2026-2433 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...
CVE-2026-2433 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...
PT-2026-23847
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global message event listener...
CVE-2026-1216
The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...
WordPress RSS Aggregator plugin <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter vulnerability
Reflected Cross-Site Scripting via 'template' Parameter vulnerability discovered by zer0gh0st in WordPress Plugin WP RSS Aggregator versions = 5.0.10...
CVE-2026-1941 WP Event Aggregator <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpevents' shortcode in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress WP Event Aggregator plugin <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by WordFence in WordPress Plugin WP Event Aggregator versions = 1.8.7...
WordPress plugin WP Event Aggregator 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-20364
The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp events' shortcode in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1216
The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...
CVE-2026-1216
The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...
CVE-2026-1216 RSS Aggregator <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter
The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...
CVE-2026-1216 RSS Aggregator <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter
The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...
PT-2026-8400
Name of the Vulnerable Software and Affected Versions RSS Aggregator plugin for WordPress versions up to and including 5.0.10 Description The RSS Aggregator plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...