CVE-2025-11467

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...

CVE-2025-11467 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...

EUVD-2025-202643

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...

WordPress RSS Aggregator by Feedzy plugin <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Feedzy versions = 5.1.1...

WordPress plugin RSS Aggregator by Feedzy 代码问题漏洞

WordPress RSS Aggregator by Feedzy is a lightweight plugin designed for WordPress that focuses on automatically grabbing content from external RSS feeds and syndicating it to your website. WordPress RSS Aggregator by Feedzy has a code issue vulnerability that stems from the existence of a blind...

CVE-2025-11128 Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the 'feedzysanitizefeeds' function. This makes it possible for authenticated attackers...

EUVD-2020-24199

Malware in sbrugna...

EUVD-2023-59012

Malicious code in bioql PyPI...

EUVD-2023-59009

Malicious code in bioql PyPI...

CVE-2024-1092

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for...

CVE-2023-6801

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes ...

CVE-2023-6805

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetchfeed functionality. This makes it possible for authenticated attackers,...

CVE-2022-4667

The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVE-2020-36758

The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the savefeedzyposttypemeta function. This makes it possible for unauthenticated attackers to update post...

CVE-2024-1317

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘searchkey’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2023-6805

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetchfeed functionality. This makes it possible for authenticated attackers,...

CVE-2023-6805 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.7 - Authenticated(Contributor+) Blind Server-Side Request Forgery (SSRF)

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetchfeed functionality. This makes it possible for authenticated attackers,...

WordPress RSS Aggregator by Feedzy plugin <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Error Message vulnerability discovered by Colin Xu in WordPress Plugin Feedzy versions = 4.3.3...

CVE-2024-1317 RSS Aggregator by Feedzy <= 4.4.2 - Authenticated(Contributor+) SQL Injection

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘searchkey’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2024-1318

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzywizardstepprocess' and 'importstatus' functions in all versions up to, and...