RSS   Vulnerabilities for 'Wp rss aggregator'   RSS

2022-02-28
 
CVE-2022-0189

CWE-79
 

 
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting

 
2021-11-29
 
CVE-2021-24768

CWE-79
 

 
The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.

 


Copyright 2024, cxsecurity.com

 

Back to Top