13 matches found
PT-2025-45087
Name of the Vulnerable Software and Affected Versions WPeMatico RSS Feed Fetcher versions up to and including 2.8.11 Description The WPeMatico RSS Feed Fetcher plugin for WordPress is susceptible to Server-Side Request Forgery via the wpematico test feed function. Authenticated attackers with...
CVE-2025-49922 WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through = 2.8.3...
PT-2025-43186
Name of the Vulnerable Software and Affected Versions WPeMatico RSS Feed Fetcher versions through 2.8.3 Description The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations...
WordPress WPeMatico RSS Feed Fetcher Plugin <= 2.8.10 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WPeMatico RSS Feed Fetcher versions = 2.8.10...
CVE-2025-8103 WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function
The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handlefeedbacksubmission function. This makes it possible for unauthenticated attackers to deactivate the...
WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function vulnerability
Cross-Site Request Forgery to Plugin Deactivation via handlefeedbacksubmission Function vulnerability discovered by wesley wcraft in WordPress Plugin WPeMatico RSS Feed Fetcher versions = 2.8.7...
WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by domiee13 in WordPress Plugin WPeMatico RSS Feed Fetcher versions = 2.8.3...
WPeMatico RSS Feed Fetcher Plugin for WordPress < 2.6.12 Stored Cross-Site Scripting
The WordPress WPeMatico RSS Feed Fetcher Plugin installed on the remote host is affected by a Stored Cross-Site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Cross site scripting
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24793 WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24793
CVE-2021-24793 references the WPeMatico RSS Feed Fetcher WordPress plugin, before version 2.6.12, which does not escape the feed URL added to a campaign before outputting it in an attribute. This enables stored Cross‑Site Scripting (XSS) when exploited by high‑privilege users, even when unfiltere...
WordPress WPeMatico RSS Feed Fetcher plugin <= 2.6.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Huy Nguyen in WordPress WPeMatico RSS Feed Fetcher plugin versions = 2.6.11. Solution Update the WordPress Connections Business Directory plugin to the latest available version...
WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting
The plugin does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create/edit a campaign and add the following feed URL:...