WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting

WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user ...

Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery

WordPress plugin Import XML and RSS Feeds import-xml-feed plugin 2.0.1 contains a server-side request forgery SSRF vulnerability via the data parameter in a moovereadxml action. id: CVE-2020-24148 info: name: Import XML & RSS Feeds WordPress Plugin = 2.0.1 Server-Side Request Forgery author:...

WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting

The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue. id: CVE-2021-24286 info: name: WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting author: r3Y3r53 severity: medium descriptio...

Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell. id: CVE-2023-4521 info: name: Import XML and RSS Feeds 2.1.5 - Unauthenticated RCE author: princechaddha severity: critical description: The Import XML and RS...

Exploit for Server-Side Request Forgery in Mooveagency Import_Xml_And_Rss_Feeds

CVE-2020-24148 Server-side request forgery SSRF in the Impo...