Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:32 a.m.13 views

CVE-2024-0628

The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...

3.8CVSS6.5AI score0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/07 6:46 a.m.15 views

CVE-2024-0628

The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...

3.8CVSS6.5AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2024/02/07 6:46 a.m.52 views

CVE-2024-0628

CVE-2024-0628 affects the WordPress WP RSS Aggregator plugin. The vulnerability is a Server-Side Request Forgery (SSRF) in all versions up to and including 4.23.5, exploitable by authenticated attackers with administrator-level access to issue web requests from the application (via the RSS feed s...

3.8CVSS5.2AI score0.00363EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/02/07 12:0 a.m.20 views

WordPress WP RSS Aggregator Plugin <= 4.23.5 is vulnerable to Server Side Request Forgery (SSRF)

Software WP RSS Aggregator Type Plugin Vulnerable versions = 4.23.5 Fixed in 4.23.6 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2024-0628 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID dd1943fc88ab Credits Colin Xu Requir...

3.8CVSS6.6AI score0.00363EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder