48 matches found
WordPress Plugin FeedWordPress Security Breach
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
FeedWordPress < 2024.0428 - Unauthenticated Draft Access
Description: The plugin is vulnerable to Insecure Direct Object Reference due to missing validation on the user-controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information...
WordPress FeedWordPress Plugin <= 2022.0222 is vulnerable to Insecure Direct Object References (IDOR)
Software: FeedWordPress; Type: Plugin; Vulnerable versions: <= 2022.0222; Fixed in: 2024.0428; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-0839; Patch priority: Low; CVSS severity: Low (5.3); PSID: f44abdf037d4; Credits: Krzyszt...
WordPress plugin FeedWordPress cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A security vulnerability exists in versions of the WordPress plugin FeedWordPress before 2022.0123, which stems from a lack of effective filtering and escaping of the "visibility" parameter. No detail...
CVE-2021-25055
The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter...
CVE-2021-25055
The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter...
Cross-site scripting
The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter...
CVE-2021-25055
CVE-2021-25055 affects the WordPress FeedWordPress plugin prior to 2022.0123, with a Reflected Cross-Site Scripting (XSS) flaw in the visibility parameter. Exploitation could lead to unauthorized access, data theft, and potential compromise of the affected WordPress site. Remediation: update to t...
CVE-2021-25055 FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)
The FeedWordPress plugin before 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter...
WordPress plugin FeedWordPress cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A security vulnerability exists in versions of the WordPress plugin FeedWordPress before 2022.0123, which stems from a lack of effective filtering and escaping of the "visibility" parameter. No detail...
FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)
The plugin is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter. https://example.com/wp-admin/admin.php?page=feedwordpress%2Fsyndication.php&visibility=%22%3E%3Cimg+src%3D2+onerror%3Dalert%28origin%29%3E...
FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)
The plugin is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter. PoC: https://example.com/wp-admin/admin.php?page=feedwordpress%2Fsyndication.php=%22%3E%3Cimg+src%3D2+onerror%3Dalert%28origin%29%3E...
WordPress FeedWordPress plugin <= 2021.0713 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Hung Chien in WordPress FeedWordPress plugin versions <= 2021.0713. Solution: Update the WordPress FeedWordPress plugin to the latest available version (at least 2022.0123)...
CVE-2015-9358
The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg and remove_query_arg...
Design/Logic Flaw
The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg and remove_query_arg...
CVE-2015-9358
The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg and remove_query_arg...
CVE-2015-9358
The feedwordpress WordPress plugin prior to 2015.0514 is affected by CVE-2015-9358: an XSS flaw exploitable via manipulated query arguments using add_query_arg() and remove_query_arg(). The vulnerability is described as a cross-site scripting issue impacting the plugin before the stated release, ...
CVE-2015-4018
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the linkids parameter in an Update action in the syndication.php page to wp-admin/admin.php...
SQL injection
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the linkids parameter in an Update action in the syndication.php page to wp-admin/admin.php...
CVE-2015-4018
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the linkids parameter in an Update action in the syndication.php page to wp-admin/admin.php...