CVE-2021-25055

CVE-2021-25055 affects the WordPress FeedWordPress plugin prior to 2022.0123, with a Reflected Cross-Site Scripting (XSS) flaw in the visibility parameter. Exploitation could lead to unauthorized access, data theft, and potential compromise of the affected WordPress site. Remediation: update to t...

CVE-2015-4018

CVE-2015-4018 is a SQL injection vulnerability in the WordPress plugin FeedWordPress (affected: versions prior to 2015.0514). The flaw is in feedwordpresssyndicationpage.class.php and allows an authenticated attacker to inject arbitrary SQL via the link_ids[] parameter in the syndication Update a...

CVE-2024-0839

CVE-2024-0839 concerns the WordPress plugin FeedWordPress. The vulnerability is an Insecure Direct Object Reference (IDOR) due to missing validation of the user-controlled key “guid,” allowing unauthenticated attackers to view draft posts that may contain sensitive information. Affected versions ...

CVE-2015-9358

The feedwordpress WordPress plugin prior to 2015.0514 is affected by CVE-2015-9358: an XSS flaw exploitable via manipulated query arguments using add_query_arg() and remove_query_arg(). The vulnerability is described as a cross-site scripting issue impacting the plugin before the stated release, ...