48 matches found
CVE-2021-24768
The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...
Cross site scripting
The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...
CVE-2021-24768
CVE-2021-24768 affects the WordPress WP RSS Aggregator plugin prior to 4.19.2. The issue is improper sanitisation/escaping of the URL to the Blacklist field, allowing malicious HTML to be stored by high-privilege users even when unfiltered_html is disallowed, enabling stored Cross-Site Scripting ...
WP RSS Aggregator < 4.19.3 - Subscriber+ Stored Cross-Site Scripting
The plugin does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprssdismissaddonnotice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and se...
CVE-2014-4938
SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...
Sql injection
SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...
CVE-2014-4938
SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...
CVE-2014-4938
The CVE-2014-4938 entry concerns the WordPress WP RSS Poster plugin version 1.0.0. A SQL injection flaw exists in the wrp-add-new page (wp-admin/admin.php) exploitable via the id parameter, enabling remote attackers to execute arbitrary SQL commands. Documented impact includes typical web app con...