CVE-2024-9836
The CVE-2024-9836 entry describes a stored XSS flaw in the WordPress RSS Feed Widget plugin, affecting versions prior to 3.0.0. The root cause is failure to validate and escape certain shortcode attributes before echoing them in posts/pages where the shortcode is used, enabling attackers with con...
CVE-2020-24314
Affected software: Fahad Mahmood RSS Feed Widget Plugin for WordPress, v2.7.9 and earlier. Vulnerability: Reflected XSS via the GET parameter "t" that is echoed into an input tag without sanitization. Impact: Attackers can craft a URL to trigger XSS (no exploitation details beyond this). Exploita...