6 matches found
CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2825
A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2026-2216
A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used...
CVE-2026-2216 rachelos WeRSS we-mp-rss tools.py download_export_file path traversal
A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used...
PT-2026-7067
A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET KEY results in use of default cryptographic key. The attack can be initiated...
CVE-2025-13174
CVE-2025-13174 affects rachelos WeRSS we-mp-rss up to 1.4.7. The vulnerability lies in the Webhook Module’s function do_job (file path: /rachelos/we-mp-rss/blob/main/jobs/mps.py). Manipulating the argument web_hook_url can lead to server-side request forgery (SSRF). The attack may be executed rem...