24 matches found
EUVD-2021-11900
Malware in sbrugna...
CVE-2024-0628
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
CVE-2024-0630
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-6621 WP RSS Aggregator <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprssactivatefeedsource' and 'wprsspausefeedsource' functions in all versions up to, and including, 4.23.11...
WordPress WP RSS Aggregator plugin <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update vulnerability
Missing Authorization to Authenticated Subscriber+ Feed State Update vulnerability discovered by Peter Thaleikis in WordPress Plugin WP RSS Aggregator versions <= 4.23.11...
WordPress WP RSS Aggregator Plugin <= 4.23.11 is vulnerable to Broken Access Control
Software: WP RSS Aggregator; Type: Plugin; Vulnerable versions: <= 4.23.11; Fixed in: 4.23.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6621; Patch priority: Low; CVSS severity: Low 4.3; PSID: 2954812636fe; Credits: Peter Thaleikis; Required...
Server-Side Request Forgery (SSRF)
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
CVE-2024-0628
CVE-2024-0628 affects the WordPress WP RSS Aggregator plugin. The vulnerability is a Server-Side Request Forgery (SSRF) in all versions up to and including 4.23.5, exploitable by authenticated attackers with administrator-level access to issue web requests from the application (via the RSS feed s...
CVE-2024-0628
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
PT-2024-15704 · WordPress · Wp Rss Aggregator
Name of the Vulnerable Software and Affected Versions: WP RSS Aggregator plugin for WordPress versions up to, and including, 4.23.5 Description: The issue allows authenticated attackers with administrator-level access and above to make web requests to arbitrary locations originating from the web...
CVE-2024-0630 WP RSS Aggregator <= 4.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting via RSS Feed Source
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-0630
CVE-2024-0630 affects the WP RSS Aggregator plugin for WordPress (versions ≤ 4.23.4). It is a stored Cross-Site Scripting vulnerability via the RSS feed source caused by insufficient input sanitization and output escaping. Exploitation requires administrator-level access and it affects multisite ...
CVE-2022-0189
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0189
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0189
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2022-0189
CVE-2022-0189 affects the WordPress WP RSS Aggregator plugin up to version 4.20. The issue is a reflected XSS in the wprss_fetch_items_row_action AJAX endpoint caused by insufficient sanitization/escaping of the id parameter in the response. The exploitation requires an authenticated user (per th...
CVE-2022-0189 WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS)
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
WordPress WP RSS Aggregator plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WP RSS Aggregator plugin has a cross-site scripting vulnerability in versions prior to 4.19.3, which...
CVE-2021-24988
The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated...
CVE-2021-24988
The CVE affects the WordPress WP RSS Aggregator plugin, versions prior to 4.19.3. Root cause: unsanitised/uncleaned data output in the System Info admin dashboard due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks. Impact: stored XSS where an authenticated use...