Lucene search
K

13 matches found

Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.6 views

PT-2025-45087

Name of the Vulnerable Software and Affected Versions WPeMatico RSS Feed Fetcher versions up to and including 2.8.11 Description The WPeMatico RSS Feed Fetcher plugin for WordPress is susceptible to Server-Side Request Forgery via the wpematico test feed function. Authenticated attackers with...

6.4CVSS6.1AI score0.00217EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.10 views

CVE-2025-49922 WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through = 2.8.3...

4.3CVSS0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.5 views

PT-2025-43186

Name of the Vulnerable Software and Affected Versions WPeMatico RSS Feed Fetcher versions through 2.8.3 Description The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations...

4.3CVSS6.5AI score0.00215EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/09/22 7:12 p.m.4 views

WordPress WPeMatico RSS Feed Fetcher Plugin <= 2.8.10 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WPeMatico RSS Feed Fetcher versions = 2.8.10...

4.3CVSS6.7AI score0.00275EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/07/26 3:38 a.m.10 views

CVE-2025-8103 WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handlefeedbacksubmission function. This makes it possible for unauthenticated attackers to deactivate the...

4.3CVSS0.00195EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/07/25 9:37 p.m.13 views

WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function vulnerability

Cross-Site Request Forgery to Plugin Deactivation via handlefeedbacksubmission Function vulnerability discovered by wesley wcraft in WordPress Plugin WPeMatico RSS Feed Fetcher versions = 2.8.7...

4.3CVSS6.8AI score0.00195EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/05/29 3:2 p.m.6 views

WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by domiee13 in WordPress Plugin WPeMatico RSS Feed Fetcher versions = 2.8.3...

4.3CVSS7AI score0.00215EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/02/07 12:0 a.m.23 views

WPeMatico RSS Feed Fetcher Plugin for WordPress < 2.6.12 Stored Cross-Site Scripting

The WordPress WPeMatico RSS Feed Fetcher Plugin installed on the remote host is affected by a Stored Cross-Site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

4.8CVSS7.1AI score0.00622EPSS
Exploits2References2
Prion
Prion
added 2021/11/01 9:15 a.m.13 views

Cross site scripting

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.8AI score0.00622EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/11/01 8:46 a.m.17 views

CVE-2021-24793 WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00622EPSS
Exploits2References1
CVE
CVE
added 2021/11/01 8:46 a.m.44 views

CVE-2021-24793

CVE-2021-24793 references the WPeMatico RSS Feed Fetcher WordPress plugin, before version 2.6.12, which does not escape the feed URL added to a campaign before outputting it in an attribute. This enables stored Cross‑Site Scripting (XSS) when exploited by high‑privilege users, even when unfiltere...

4.8CVSS4.8AI score0.00622EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2021/09/29 12:0 a.m.16 views

WordPress WPeMatico RSS Feed Fetcher plugin <= 2.6.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Huy Nguyen in WordPress WPeMatico RSS Feed Fetcher plugin versions = 2.6.11. Solution Update the WordPress Connections Business Directory plugin to the latest available version...

4.8CVSS1.5AI score0.00622EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/09/29 12:0 a.m.571 views

WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting

The plugin does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Create/edit a campaign and add the following feed URL:...

4.8CVSS0.7AI score0.00622EPSS
Exploits2
Rows per page
Query Builder