47 matches found
EUVD-2014-4855
Malware in sbrugna...
EUVD-2021-11900
Malware in sbrugna...
EUVD-2022-51711
Malicious code in bioql PyPI...
EUVD-2023-40636
Malicious code in bioql PyPI...
CVE-2024-0628
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
CVE-2024-0630
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-36693
Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <= 1.1 versions...
CVE-2022-4360
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2022-4359
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2014-4938
SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...
CVE-2024-6621 WP RSS Aggregator <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprssactivatefeedsource' and 'wprsspausefeedsource' functions in all versions up to, and including, 4.23.11...
WordPress WP RSS Aggregator plugin <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Feed State Update vulnerability discovered by Peter Thaleikis in WordPress Plugin WP RSS Aggregator versions <= 4.23.11...
WordPress WP RSS Aggregator Plugin <= 4.23.11 is vulnerable to Broken Access Control
Software: WP RSS Aggregator; Type: Plugin; Vulnerable versions: <= 4.23.11; Fixed in: 4.23.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6621; Patch priority: Low; CVSS severity: Low (4.3); PSID: 2954812636fe; Credits: Peter Thaleikis; Required...
Server-Side Request Forgery (SSRF)
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
CVE-2024-0628
CVE-2024-0628 affects the WordPress WP RSS Aggregator plugin. The vulnerability is a Server-Side Request Forgery (SSRF) in all versions up to and including 4.23.5, exploitable by authenticated attackers with administrator-level access to issue web requests from the application (via the RSS feed s...
CVE-2024-0628
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
PT-2024-15704 · WordPress · Wp Rss Aggregator
Name of the Vulnerable Software and Affected Versions: WP RSS Aggregator plugin for WordPress versions up to, and including, 4.23.5 Description: The issue allows authenticated attackers with administrator-level access and above to make web requests to arbitrary locations originating from the web...
CVE-2024-0630
CVE-2024-0630 affects the WP RSS Aggregator plugin for WordPress (versions ≤ 4.23.4). It is a stored Cross-Site Scripting vulnerability via the RSS feed source caused by insufficient input sanitization and output escaping. Exploitation requires administrator-level access and it affects multisite ...
CVE-2024-0630 WP RSS Aggregator <= 4.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting via RSS Feed Source
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-36693
Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <= 1.1 versions...