Wprssaggregator Wp_rss_aggregator
5 CVEs affecting Wprssaggregator Wp_rss_aggregator. Latest disclosed: 2024-02-07. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-0189 | Medium | 6.1 | 2022-02-28 | The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputt… |
CVE-2021-24988 | Medium | 5.4 | 2021-12-27 | The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lea… |
CVE-2021-24768 | Medium | 4.8 | 2021-11-29 | The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted b… |
CVE-2024-0630 | Medium | 4.4 | 2024-02-05 | The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 du… |
CVE-2024-0628 | Low | 3.8 | 2024-02-07 | The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in… |