3 matches found
CVE-2024-0630
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-0630
CVE-2024-0630 affects the WP RSS Aggregator plugin for WordPress (versions ≤ 4.23.4). It is a stored Cross-Site Scripting vulnerability via the RSS feed source caused by insufficient input sanitization and output escaping. Exploitation requires administrator-level access and it affects multisite ...
WordPress WP RSS Aggregator Plugin <= 4.23.4 is vulnerable to Cross Site Scripting (XSS)
Software WP RSS Aggregator Type Plugin Vulnerable versions = 4.23.4 Fixed in 4.23.5 OWASP Top 10 A1: Injection Classification Cross Site Scripting XSS CVE CVE-2024-0630 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 317ce64756d3 Credits Colin Xu Required privilege...