0.001 Low
EPSS
Percentile
32.7%
The RSS Feed Widget WordPress plugin version 2.8.0 and below was vulnerable to Authenticated Cross-Site Scripting (XSS) within the “t” GET parameter.
http://www.example.com/wp-admin/admin.php?page=rfw_options&t=1"><script>alert("xss")</script>
plugins.trac.wordpress.org/changeset/2329461/rss-feed-widget
zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/