54 matches found
WordPress RSS Feed Widget plugin < 3.0.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin RSS Feed Widget versions < 3.0.0...
CVE-2020-24314
Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...
CVE-2025-69349
Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSS Feed Widget: from n/a through <= 3.0.2...
WordPress RSS Feed Widget plugin <= 3.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin RSS Feed Widget versions <= 3.0.2...
CVE-2025-69349 WordPress RSS Feed Widget plugin <= 3.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSS Feed Widget: from n/a through <= 3.0.2...
CVE-2025-69349
CVE-2025-69349 affects RSS Feed Widget for WordPress (RSS Feed Widget) with a Missing Authorization flaw in versions up to 3.0.2 due to incorrectly configured access controls. This allows unauthorized access/impact on protected data per Wordfence, with CVSS 3.1 base score 5.4 (NETWORK, LOW privil...
WordPress plugin RSS Feed Widget security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2020-17048
Malware in sbrugna...
EUVD-2024-30477
Malicious code in bioql PyPI...
CVE-2024-56915
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting XSS via the RSS feed widget...
CVE-2024-56915
CVE-2024-56915 affects NetBox Community from version 4.1.7, vulnerable to Cross Site Scripting via the RSS feed widget. The issue is fixed in v4.2.2; upgrade to 4.2.2 to remediate. The available sources describe the vulnerability as an XSS in the RSS feed widget, with no public exploitation detai...
PT-2025-26975 · Unknown · Netbox Community
Name of the Vulnerable Software and Affected Versions: Netbox Community versions 4.1.7 through 4.2.1 Description: The issue is related to Cross Site Scripting XSS via the RSS feed widget. This allows for potential malicious script execution. Recommendations: For Netbox Community version 4.1.7,...
CVE-2024-32690
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS. This issue affects RSS Feed Widget: from n/a through 2.9.7...
CVE-2024-10057
The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-9836
The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-9835
The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...