3 matches found
WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting
WordPress RSS Aggregator 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprssfetchitemsrowaction AJAX action before outputting it back in the response, leading to reflected cross-site scripting. id: CVE-2022-0189 info: name: WordPress...
CVE-2022-0189 WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS)
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprssfetchitemsrowaction AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0189
CVE-2022-0189 affects the WordPress WP RSS Aggregator plugin up to version 4.20. The issue is a reflected XSS in the wprss_fetch_items_row_action AJAX endpoint caused by insufficient sanitization/escaping of the id parameter in the response. The exploitation requires an authenticated user (per th...