9 matches found
CVE-2026-2433
The CVE-2026-2433 entry concerns the WordPress plugin RSS Aggregator (RSS Import, News Feeds, Feed to Post, Autoblogging) up to version 5.0.11. The root cause is a DOM-based XSS via postMessage arising from admin-shell.js: a global message listener is registered without origin validation, and use...
WordPress RSS Aggregator plugin <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter vulnerability
Reflected Cross-Site Scripting via 'template' Parameter vulnerability discovered by zer0gh0st in WordPress Plugin WP RSS Aggregator versions <= 5.0.10...
WordPress RSS Aggregator plugin <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode vulnerability discovered by zaim in WordPress Plugin WP RSS Aggregator versions <= 5.0.10...
CVE-2025-14745 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...
PT-2026-4324
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...
EUVD-2024-47682
Malicious code in bioql PyPI...
CVE-2024-4860
The 'WordPress RSS Aggregator' WordPress Plugin, versions 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'noticeid' GET parameter...
CVE-2021-24988
The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprssdismissaddonnotice AJAX action missing authorisation and CSRF checks, allowing any authenticated...
WordPress RSS Aggregator by Feedzy Plugin <= 4.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: RSS Aggregator by Feedzy; Type: Plugin; Vulnerable versions: <= 4.3.2; Fixed in: 4.3.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6801; Patch priority: Low; CVSS severity: Low (5.9); PSID: 7b021f6dbd31; Credits: Colin Xu; Requir...