CVE-2026-4070

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

WordPress Alfie – Feed Plugin plugin <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion vulnerability

Cross-Site Request Forgery to Feed Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Alfie versions = 1.2.1...

CVE-2025-7828

The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the postlistingpage function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-7842 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

CVE-2025-7842 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion

The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...

CVE-2008-0272

Cross-site request forgery CSRF vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users...