9 matches found
CVE-2024-1317
The CVE-2024-1317 vulnerability affects the WordPress plugin RSS Aggregator by Feedzy (slug feedzy-rss-feeds). A SQL Injection exists in the search_key parameter for versions up to 4.4.2 due to insufficient escaping and improper use of prepare in a LIKE clause, allowing authenticated attackers wi...
CVE-2024-1318
The CVE-2024-1318 issue affects the WordPress plugin RSS Aggregator by Feedzy (versions up to 4.4.2). Root cause: missing capability checks in feedzy_wizard_step_process and import_status functions, allowing an authenticated user with Contributor+ privileges to modify data and draft/publish posts...
CVE-2022-4667
The CVE-2022-4667 entry points to the WordPress plugin RSS Aggregator by Feedzy, affected in versions prior to 4.1.1. The root cause is that certain block options are not validated or escaped before being echoed on the page, enabling Stored XSS. This could allow a user with Contributor-level or s...
CVE-2023-6805
CVE-2023-6805 affects RSS Aggregator by Feedzy (WordPress). It allows Blind SSRF via fetch_feed, enabling authenticated users withContributor+ to reach arbitrary external/internal locations and modify internal data. Fixed in 4.4.7 (contributor) and 4.4.8 (author); remediation is to upgrade to the...
CVE-2023-6877
CVE-2023-6877 affects RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator for WordPress. It permits Stored Cross-Site Scripting via the plugin’s shortcode error messages (Content-Type) when retrieving an invalid RSS feed. Varies versions up to 4.3.3 are af...
CVE-2023-6798
CVE-2023-6798 affects the RSS Aggregator by Feedzy (WordPress plugin) with broken access control: authenticated users with author-level access or higher can update plugin settings (including proxy settings) due to a missing capability check in versions up to and including 4.3.2. The entry notes t...
CVE-2023-6801
CVE-2023-6801 affects RSS Aggregator by Feedzy – Feed to Post (WordPress) and is a Stored XSS vulnerability caused by insufficient input sanitization and output escaping in admin settings. Affected versions are up to and including 4.3.2; Patch 4.3.3 fixes the issue. The CVE is corroborated by mul...
CVE-2024-1092
CVE-2024-1092 affects the RSS Aggregator by Feedzy plugin for WordPress (versions up to 4.4.1). The issue is broken access control due to a missing capability check on the feedzy dashboard, allowing authenticated users with contributor access or higher to create, edit, or delete feed categories. ...
CVE-2020-36758
The CVE refers to the WordPress RSS Aggregator by Feedzy plugin. Affected: WordPress RSS Aggregator by Feedzy plugin for WordPress (plugin version ≤ 3.4.2). Issue: Cross-Site Request Forgery due to missing or incorrect nonce validation on the function save_feedzy_post_type_meta(). Impact: unauthe...