Lucene search
K

48 matches found

NVD
NVD
added 2021/11/29 9:15 a.m.14 views

CVE-2021-24768

The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...

4.8CVSS0.00598EPSS
Exploits2References1
Prion
Prion
added 2021/11/29 9:15 a.m.17 views

Cross site scripting

The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...

3.5CVSS4.7AI score0.00598EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/11/29 8:25 a.m.49 views

CVE-2021-24768

CVE-2021-24768 affects the WordPress WP RSS Aggregator plugin prior to 4.19.2. The issue is improper sanitisation/escaping of the URL to the Blacklist field, allowing malicious HTML to be stored by high-privilege users even when unfiltered_html is disallowed, enabling stored Cross-Site Scripting ...

4.8CVSS4.7AI score0.00598EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/29 12:0 a.m.15 views

WP RSS Aggregator < 4.19.3 - Subscriber+ Stored Cross-Site Scripting

The plugin does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprssdismissaddonnotice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and se...

5.4CVSS0.1AI score0.00292EPSS
Exploits2Affected Software1
NVD
NVD
added 2014/07/11 8:55 p.m.20 views

CVE-2014-4938

SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...

7.5CVSS8.5AI score0.03022EPSS
Exploits1References1
Prion
Prion
added 2014/07/11 8:55 p.m.17 views

Sql injection

SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...

7.5CVSS9.2AI score0.03022EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2014/07/11 8:0 p.m.31 views

CVE-2014-4938

SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...

8.5AI score0.03022EPSS
Exploits1References1
CVE
CVE
added 2014/07/11 8:0 p.m.40 views

CVE-2014-4938

The CVE-2014-4938 entry concerns the WordPress WP RSS Poster plugin version 1.0.0. A SQL injection flaw exists in the wrp-add-new page (wp-admin/admin.php) exploitable via the id parameter, enabling remote attackers to execute arbitrary SQL commands. Documented impact includes typical web app con...

7.5CVSS8.8AI score0.03022EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder