Lucene search
K
ThemeisleRss Aggregator By Feedzy

9 matches found

CVE
CVE
added 2024/02/20 6:56 p.m.94 views

CVE-2024-1317

The CVE-2024-1317 vulnerability affects the WordPress plugin RSS Aggregator by Feedzy (slug feedzy-rss-feeds). A SQL Injection exists in the search_key parameter for versions up to 4.4.2 due to insufficient escaping and improper use of prepare in a LIKE clause, allowing authenticated attackers wi...

8.8CVSS8.6AI score0.00714EPSS
CVE
CVE
added 2024/02/20 6:56 p.m.87 views

CVE-2024-1318

The CVE-2024-1318 issue affects the WordPress plugin RSS Aggregator by Feedzy (versions up to 4.4.2). Root cause: missing capability checks in feedzy_wizard_step_process and import_status functions, allowing an authenticated user with Contributor+ privileges to modify data and draft/publish posts...

6.5CVSS6.8AI score0.00518EPSS
CVE
CVE
added 2023/01/30 8:31 p.m.85 views

CVE-2022-4667

The CVE-2022-4667 entry points to the WordPress plugin RSS Aggregator by Feedzy, affected in versions prior to 4.1.1. The root cause is that certain block options are not validated or escaped before being echoed on the page, enabling Stored XSS. This could allow a user with Contributor-level or s...

5.4CVSS5.3AI score0.00507EPSS
CVE
CVE
added 2024/04/17 12:54 p.m.73 views

CVE-2023-6805

CVE-2023-6805 affects RSS Aggregator by Feedzy (WordPress). It allows Blind SSRF via fetch_feed, enabling authenticated users withContributor+ to reach arbitrary external/internal locations and modify internal data. Fixed in 4.4.7 (contributor) and 4.4.8 (author); remediation is to upgrade to the...

6.4CVSS6.4AI score0.00342EPSS
CVE
CVE
added 2024/04/07 1:55 a.m.63 views

CVE-2023-6877

CVE-2023-6877 affects RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator for WordPress. It permits Stored Cross-Site Scripting via the plugin’s shortcode error messages (Content-Type) when retrieving an invalid RSS feed. Varies versions up to 4.3.3 are af...

6.4CVSS6.1AI score0.00352EPSS
CVE
CVE
added 2024/01/06 9:38 a.m.49 views

CVE-2023-6798

CVE-2023-6798 affects the RSS Aggregator by Feedzy (WordPress plugin) with broken access control: authenticated users with author-level access or higher can update plugin settings (including proxy settings) due to a missing capability check in versions up to and including 4.3.2. The entry notes t...

5.4CVSS5.5AI score0.00287EPSS
CVE
CVE
added 2024/01/06 9:38 a.m.44 views

CVE-2023-6801

CVE-2023-6801 affects RSS Aggregator by Feedzy – Feed to Post (WordPress) and is a Stored XSS vulnerability caused by insufficient input sanitization and output escaping in admin settings. Affected versions are up to and including 4.3.2; Patch 4.3.3 fixes the issue. The CVE is corroborated by mul...

6.4CVSS5.2AI score0.00315EPSS
CVE
CVE
added 2024/02/05 9:21 p.m.44 views

CVE-2024-1092

CVE-2024-1092 affects the RSS Aggregator by Feedzy plugin for WordPress (versions up to 4.4.1). The issue is broken access control due to a missing capability check on the feedzy dashboard, allowing authenticated users with contributor access or higher to create, edit, or delete feed categories. ...

4.3CVSS5.2AI score0.0045EPSS
CVE
CVE
added 2023/10/20 7:29 a.m.42 views

CVE-2020-36758

The CVE refers to the WordPress RSS Aggregator by Feedzy plugin. Affected: WordPress RSS Aggregator by Feedzy plugin for WordPress (plugin version ≤ 3.4.2). Issue: Cross-Site Request Forgery due to missing or incorrect nonce validation on the function save_feedzy_post_type_meta(). Impact: unauthe...

4.3CVSS4.2AI score0.00397EPSS