20 matches found
CVE-2025-13031 WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
PT-2025-45087
Name of the Vulnerable Software and Affected Versions: WPeMatico RSS Feed Fetcher versions up to and including 2.8.11. Description: The WPeMatico RSS Feed Fetcher plugin for WordPress is susceptible to Server-Side Request Forgery via the wpematico test feed function. Authenticated attackers with...
CVE-2025-49922
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3...
CVE-2025-49922 WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3...
PT-2025-43186
Name of the Vulnerable Software and Affected Versions: WPeMatico RSS Feed Fetcher versions through 2.8.3. Description: The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations...
EUVD-2025-30697
Malicious code in bioql PyPI...
CVE-2025-57937
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.10...
WordPress WPeMatico RSS Feed Fetcher Plugin <= 2.8.10 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WPeMatico RSS Feed Fetcher versions <= 2.8.10...
CVE-2025-57937
CVE-2025-57937 describes a missing access control in the WPeMatico RSS Feed Fetcher (WPematico) plugin. The vulnerability exposes sensitive system information to an unauthorized actor, allowing retrieval of embedded sensitive data. Affected component: WPeMatico RSS Feed Fetcher; affected versions...
CVE-2025-8103 WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function
The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handle_feedback_submission function. This makes it possible for unauthenticated attackers to deactivate the...
WordPress plugin WPeMatico RSS Feed Fetcher Cross-Site Request Forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...
WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function vulnerability
Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function vulnerability discovered by wesley wcraft in WordPress Plugin WPeMatico RSS Feed Fetcher versions <= 2.8.7...
WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by domiee13 in WordPress Plugin WPeMatico RSS Feed Fetcher versions <= 2.8.3...
WPeMatico RSS Feed Fetcher Plugin for WordPress < 2.6.12 Stored Cross-Site Scripting
The WordPress WPeMatico RSS Feed Fetcher Plugin installed on the remote host is affected by a Stored Cross-Site Scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Cross site scripting
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24793
CVE-2021-24793 references the WPeMatico RSS Feed Fetcher WordPress plugin, before version 2.6.12, which does not escape the feed URL added to a campaign before outputting it in an attribute. This enables stored Cross‑Site Scripting (XSS) when exploited by high‑privilege users, even when unfiltere...
CVE-2021-24793 WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting
The plugin does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Create/edit a campaign and add the following feed URL:...
WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting
The plugin does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create/edit a campaign and add the following feed URL:...
WordPress WPeMatico RSS Feed Fetcher plugin <= 2.6.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Huy Nguyen in WordPress WPeMatico RSS Feed Fetcher plugin versions <= 2.6.11. Solution: Update the WordPress Connections Business Directory plugin to the latest available version...