94 matches found
EUVD-2026-27189
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-5159
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-5159 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Follow Button Text' Parameter
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-36967
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram follow text' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Royal Addons for Elementor plugin <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Instagram Feed Widget vulnerability discovered by Caspian in WordPress Plugin Royal Elementor Addons versions = 1.7.1056...
CVE-2026-5162 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-5162
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-23340
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagramfollowtext' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-5162
The CVE-2026-5162 entry concerns the Royal Addons for Elementor plugin (WordPress). It describes a Stored Cross-Site Scripting vulnerability in the Instagram Feed widget, exploitable via the instagram_follow_text setting in all versions up to 1.7.1056 due to insufficient input sanitization and ou...
PT-2026-33394
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram follow text' setting in all versions up to, and including, 1.7.1056 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress RSS Feed Widget plugin < 3.0.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin RSS Feed Widget versions 3.0.0...
CVE-2020-24314
Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...
CVE-2025-69349
Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through = 3.0.2...
WordPress RSS Feed Widget plugin <= 3.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin RSS Feed Widget versions = 3.0.2...
CVE-2025-69349 WordPress RSS Feed Widget plugin <= 3.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through = 3.0.2...
CVE-2025-69349
CVE-2025-69349 affects RSS Feed Widget for WordPress (RSS Feed Widget) with a Missing Authorization flaw in versions up to 3.0.2 due to incorrectly configured access controls. This allows unauthorized access/impact on protected data per Wordfence, with CVSS 3.1 base score 5.4 (NETWORK, LOW privil...
CVE-2025-69349 WordPress RSS Feed Widget plugin <= 3.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through = 3.0.2...
WordPress plugin RSS Feed Widget 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2026-1477
Name of the Vulnerable Software and Affected Versions Fahad Mahmood RSS Feed Widget versions through 3.0.2 Description An issue exists in Fahad Mahmood RSS Feed Widget related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue is a missin...
EUVD-2020-17048
Malware in sbrugna...