cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6805,https://securityvulnerability.io/vulnerability/CVE-2023-6805,Feedzy RSS Aggregator Vulnerable to Blind Server-Side Request Forgery,"The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for authenticated attackers, with contributor access and above, to make web requests to arbitrary locations originating from the web application and can be used to modify information from internal services. NOTE: This vulnerability, exploitable by contributor-level users, was fixed in version 4.4.7. The same vulnerability was fixed for author-level users in version 4.4.8.",Wordpress,"Rss Aggregator By Feedzy – Feed To Post, Autoblogging, News & Youtube Video Feeds Aggregator",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-17T12:54:01.589Z,0
CVE-2023-6877,https://securityvulnerability.io/vulnerability/CVE-2023-6877,Feedzy RSS Aggregator Vulnerable to Stored Cross-Site Scripting,"The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Rss Aggregator By Feedzy – Feed To Post, Autoblogging, News & Youtube Video Feeds Aggregator",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-07T01:55:15.228Z,0
CVE-2024-1318,https://securityvulnerability.io/vulnerability/CVE-2024-1318,Unauthorized Data Modification in Feedzy RSS Aggregator Plugin for WordPress,"The Feedzy RSS Aggregator plugin for WordPress contains a significant vulnerability that allows authenticated users, specifically those with Contributor privileges and above, to bypass intended restrictions. Due to missing capability checks in the 'feedzy_wizard_step_process' and 'import_status' functions, these users are able to draft and publish posts with arbitrary content, undermining the integrity of the site's content management. This issue affects all versions up to and including 4.4.2, and underscores the importance of implementing robust access controls to prevent unauthorized modifications.",Wordpress,"RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1317,https://securityvulnerability.io/vulnerability/CVE-2024-1317,Feedzy RSS Aggregator Vulnerable to SQL Injection,"The RSS Aggregator plugin by Feedzy, widely used for aggregating RSS feeds, exposes a vulnerability due to inadequate sanitization of the ‘search_key’ parameter. This flaw allows authenticated attackers with contributor-level access and higher to inject malicious SQL queries. These false queries manipulate the original SQL statements executed against the underlying database, enabling potential disclosure of sensitive data. Users of versions up to and including 4.4.2 should prioritize updating to safeguard against this threat.",Wordpress,"RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator",8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1092,https://securityvulnerability.io/vulnerability/CVE-2024-1092,Unauthorized Data Modification Vulnerability in Feedzy's RSS Aggregator Plugin for WordPress,"The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them.",Wordpress,"Rss Aggregator By Feedzy – Feed To Post, Autoblogging, News & Youtube Video Feeds Aggregator",4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:21:53.970Z,0
CVE-2023-6798,https://securityvulnerability.io/vulnerability/CVE-2023-6798,Unauthorized Settings Update in RSS Aggregator Plugin by Feedzy for WordPress,"The RSS Aggregator by Feedzy plugin for WordPress is susceptible to unauthorized settings updates due to a lack of necessary capability checks. This vulnerability affects all versions up to and including 4.3.2, allowing authenticated attackers with author-level access or higher to manipulate plugin settings, including potentially sensitive proxy configurations. Such unauthorized modifications could lead to severe security implications for the affected site.",Wordpress,"RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator",5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-01-06T10:15:00.000Z,0
CVE-2023-6801,https://securityvulnerability.io/vulnerability/CVE-2023-6801,Stored Cross-Site Scripting Vulnerability in Feedzy RSS Aggregator Plugin for WordPress,"The Feedzy RSS Aggregator plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping mechanisms. This issue affects all versions up to and including 4.3.2. Authenticated attackers with author-level permissions can exploit this vulnerability to inject malicious web scripts into pages. These scripts are executed when users access the compromised page, potentially leading to unauthorized actions or data compromise.",Wordpress,"RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator",6.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-01-06T10:15:00.000Z,0
CVE-2020-36758,https://securityvulnerability.io/vulnerability/CVE-2020-36758,Cross-Site Request Forgery in Feedzy RSS Aggregator Plugin for WordPress,"The Feedzy RSS Aggregator plugin for WordPress is susceptible to a Cross-Site Request Forgery due to inadequate nonce validation in its save_feedzy_post_type_meta() function. This vulnerability allows unauthenticated attackers to potentially manipulate post meta by deceiving an administrator into executing an action via a fraudulent request. Exploiting this flaw requires social engineering techniques to entice the administrator into clicking a malicious link, thus compromising site integrity.",Wordpress,"Rss Aggregator By Feedzy – Feed To Post, Autoblogging, News & Youtube Video Feeds Aggregator",4.3,MEDIUM,0.0014700000174343586,false,,false,false,false,,false,false,2023-10-20T07:29:36.500Z,0
CVE-2022-4667,https://securityvulnerability.io/vulnerability/CVE-2022-4667,RSS Aggregator by Feedzy < 4.1.1 - Contributor+ Stored XSS,"The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",Wordpress,Rss Aggregator By Feedzy,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-30T20:31:59.713Z,0