Lucene search
K

6 matches found

NVD
NVD
added 2026/07/02 10:16 a.m.6 views

CVE-2026-13252

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'aspectRatio' Attribute in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. Th...

6.4CVSS0.00274EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.9 views

WordPress plugin RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.6AI score0.0029EPSS
Exploits0References23
Cvelist
Cvelist
added 2026/06/05 11:28 p.m.102 views

CVE-2026-8976 RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

4.3CVSS0.0029EPSS
Exploits0References22
RedhatCVE
RedhatCVE
added 2025/12/12 3:13 a.m.6 views

CVE-2025-11467

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzylazyload function. This makes it possible for unauthenticated attacker...

5.8CVSS5.9AI score0.00223EPSS
Exploits0References1
CVE
CVE
added 2025/12/11 1:55 a.m.27 views

CVE-2025-11467

CVE-2025-11467 affects the WordPress plugin “RSS Aggregator by Feedzy” (Feedzy RSS/Feedzy RSS Feeds). The vulnerability is a Blind Server-Side Request Forgery in the feedzy_lazy_load function, exploitable in all versions up to and including 5.1.1. It allows unauthenticated attackers to issue web ...

5.8CVSS5.5AI score0.00223EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/24 12:33 p.m.4 views

CVE-2025-11128

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the 'feedzysanitizefeeds' function. This makes it possible for authenticated attackers...

5CVSS5.8AI score0.00267EPSS
Exploits0References1
Rows per page
Query Builder