The RSS Feed Widget WordPress plugin version 2.8.0 and below was vulnerable to Authenticated Cross-Site Scripting (XSS) within the “t” GET parameter.
http://www.example.com/wp-admin/admin.php?page=rfw_options&t;=1">
CPE | Name | Operator | Version |
---|---|---|---|
rss-feed-widget | lt | 2.8.1 |