CVE-2025-13031 WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2025-13031 WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2025-11917

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematicotestfeed function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

EUVD-2021-11705

Malware in sbrugna...

EUVD-2025-22771

Malicious code in bioql PyPI...

WordPress plugin WPeMatico RSS Feed Fetcher 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-8103

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handlefeedbacksubmission function. This makes it possible for unauthenticated attackers to deactivate the...

CVE-2025-8103 WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handlefeedbacksubmission function. This makes it possible for unauthenticated attackers to deactivate the...

CVE-2025-8103

CVE-2025-8103 refers to the WPeMatico RSS Feed Fetcher plugin for WordPress (versions up to and including 2.8.7). It is a Cross-Site Forgery (CSRF) vulnerability caused by missing nonce validation in handle_feedback_submission(), enabling unauthenticated attackers to deactivate the plugin by tric...

CVE-2021-24793

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-24793

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin WPeMatico RSS Feed Fetcher prior...