cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9583,https://securityvulnerability.io/vulnerability/CVE-2024-9583,Premium Support Requests Vulnerability in RSS Aggregator Plugin,"The RSS Aggregator plugin for WordPress has a serious security flaw due to a lack of proper capability checks in its AJAX function, specifically on the 'wprss_ajax_send_premium_support'. This vulnerability allows authenticated users, with a minimum of Subscriber-level permissions, to send misleading premium support requests using their own chosen subject lines and email addresses. As a result, attackers can effectively impersonate legitimate site owners, which could lead to unauthorized access or disclosure of sensitive license information associated with the site. All versions of the plugin up to and including version 4.23.12 are affected by this vulnerability, highlighting the necessity for prompt updates and increased scrutiny of user permissions.",Wordpress,"Rss Aggregator – Rss Import, News Feeds, Feed To Post, And Autoblogging",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-10-23T06:45:05.657Z,0
CVE-2024-6621,https://securityvulnerability.io/vulnerability/CVE-2024-6621,Unauthorized Data Modification in RSS Aggregator Plugin for WordPress,"The RSS Aggregator plugin for WordPress, specifically versions up to and including 4.23.11, has a vulnerability that allows authenticated users with Subscriber-level access or higher to manipulate RSS feeds without proper authorization checks. This issue arises from a lack of capability verification in the 'wprss_activate_feed_source' and 'wprss_pause_feed_source' functions, potentially enabling attackers to activate or pause RSS feeds maliciously, thereby compromising data integrity and feed functionality.",Wordpress,Rss Aggregator,4.3,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2024-07-16T11:15:00.000Z,0
CVE-2023-6805,https://securityvulnerability.io/vulnerability/CVE-2023-6805,Feedzy RSS Aggregator Vulnerable to Blind Server-Side Request Forgery,"The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for authenticated attackers, with contributor access and above, to make web requests to arbitrary locations originating from the web application and can be used to modify information from internal services. NOTE: This vulnerability, exploitable by contributor-level users, was fixed in version 4.4.7. The same vulnerability was fixed for author-level users in version 4.4.8.",Wordpress,"Rss Aggregator By Feedzy – Feed To Post, Autoblogging, News & Youtube Video Feeds Aggregator",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-17T12:54:01.589Z,0
CVE-2023-6877,https://securityvulnerability.io/vulnerability/CVE-2023-6877,Feedzy RSS Aggregator Vulnerable to Stored Cross-Site Scripting,"The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Rss Aggregator By Feedzy – Feed To Post, Autoblogging, News & Youtube Video Feeds Aggregator",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-07T01:55:15.228Z,0
CVE-2024-1318,https://securityvulnerability.io/vulnerability/CVE-2024-1318,Unauthorized Data Modification in Feedzy RSS Aggregator Plugin for WordPress,"The Feedzy RSS Aggregator plugin for WordPress contains a significant vulnerability that allows authenticated users, specifically those with Contributor privileges and above, to bypass intended restrictions. Due to missing capability checks in the 'feedzy_wizard_step_process' and 'import_status' functions, these users are able to draft and publish posts with arbitrary content, undermining the integrity of the site's content management. This issue affects all versions up to and including 4.4.2, and underscores the importance of implementing robust access controls to prevent unauthorized modifications.",Wordpress,"RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1317,https://securityvulnerability.io/vulnerability/CVE-2024-1317,Feedzy RSS Aggregator Vulnerable to SQL Injection,"The RSS Aggregator plugin by Feedzy, widely used for aggregating RSS feeds, exposes a vulnerability due to inadequate sanitization of the ‘search_key’ parameter. This flaw allows authenticated attackers with contributor-level access and higher to inject malicious SQL queries. These false queries manipulate the original SQL statements executed against the underlying database, enabling potential disclosure of sensitive data. Users of versions up to and including 4.4.2 should prioritize updating to safeguard against this threat.",Wordpress,"RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator",8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-0628,https://securityvulnerability.io/vulnerability/CVE-2024-0628,RSS Feed Vulnerability Allows Authenticated Attackers to Modify Internal Services,"The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",Wordpress,"WP Rss Aggregator – Rss Import, News Feeds, Feed To Post, And Autoblogging",3.8,LOW,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-07T06:46:56.404Z,0
CVE-2024-1092,https://securityvulnerability.io/vulnerability/CVE-2024-1092,Unauthorized Data Modification Vulnerability in Feedzy's RSS Aggregator Plugin for WordPress,"The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them.",Wordpress,"Rss Aggregator By Feedzy – Feed To Post, Autoblogging, News & Youtube Video Feeds Aggregator",4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:21:53.970Z,0
CVE-2024-0630,https://securityvulnerability.io/vulnerability/CVE-2024-0630,Stored Cross-Site Scripting Vulnerability Affects WP RSS Aggregator Plugin,"The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,"WP RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging",4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:21:53.514Z,0
CVE-2023-6801,https://securityvulnerability.io/vulnerability/CVE-2023-6801,Stored Cross-Site Scripting Vulnerability in Feedzy RSS Aggregator Plugin for WordPress,"The Feedzy RSS Aggregator plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping mechanisms. This issue affects all versions up to and including 4.3.2. Authenticated attackers with author-level permissions can exploit this vulnerability to inject malicious web scripts into pages. These scripts are executed when users access the compromised page, potentially leading to unauthorized actions or data compromise.",Wordpress,"RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator",6.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-01-06T10:15:00.000Z,0
CVE-2023-6798,https://securityvulnerability.io/vulnerability/CVE-2023-6798,Unauthorized Settings Update in RSS Aggregator Plugin by Feedzy for WordPress,"The RSS Aggregator by Feedzy plugin for WordPress is susceptible to unauthorized settings updates due to a lack of necessary capability checks. This vulnerability affects all versions up to and including 4.3.2, allowing authenticated attackers with author-level access or higher to manipulate plugin settings, including potentially sensitive proxy configurations. Such unauthorized modifications could lead to severe security implications for the affected site.",Wordpress,"RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator",5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-01-06T10:15:00.000Z,0
CVE-2020-36758,https://securityvulnerability.io/vulnerability/CVE-2020-36758,Cross-Site Request Forgery in Feedzy RSS Aggregator Plugin for WordPress,"The Feedzy RSS Aggregator plugin for WordPress is susceptible to a Cross-Site Request Forgery due to inadequate nonce validation in its save_feedzy_post_type_meta() function. This vulnerability allows unauthenticated attackers to potentially manipulate post meta by deceiving an administrator into executing an action via a fraudulent request. Exploiting this flaw requires social engineering techniques to entice the administrator into clicking a malicious link, thus compromising site integrity.",Wordpress,"Rss Aggregator By Feedzy – Feed To Post, Autoblogging, News & Youtube Video Feeds Aggregator",4.3,MEDIUM,0.0014700000174343586,false,,false,false,false,,false,false,2023-10-20T07:29:36.500Z,0
CVE-2022-4667,https://securityvulnerability.io/vulnerability/CVE-2022-4667,RSS Aggregator by Feedzy < 4.1.1 - Contributor+ Stored XSS,"The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",Wordpress,Rss Aggregator By Feedzy,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-30T20:31:59.713Z,0
CVE-2022-0189,https://securityvulnerability.io/vulnerability/CVE-2022-0189,WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS),"The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting",Wordpress,"WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More",6.1,MEDIUM,0.0010000000474974513,false,,false,false,false,,false,false,2022-02-28T09:06:43.000Z,0
CVE-2021-24988,https://securityvulnerability.io/vulnerability/CVE-2021-24988,WP RSS Aggregator < 4.19.3 - Subscriber+ Stored Cross-Site Scripting,"The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter.",Wordpress,"WP Rss Aggregator – News Feeds, Autoblogging, Youtube Video Feeds And More",5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-12-27T10:33:24.000Z,0
CVE-2021-24768,https://securityvulnerability.io/vulnerability/CVE-2021-24768,WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting,"The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.",Wordpress,"WP Rss Aggregator – News Feeds, Autoblogging, Youtube Video Feeds And More",4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-11-29T08:25:36.000Z,0