Unrated severityNVD Advisory· Published Oct 23, 2024· Updated Apr 8, 2026
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.12 - Missing Authorization
CVE-2024-9583
Description
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send premium support requests with an attacker-controlled subject line and email address to support allowing them to impersonate the site owner. License information may also be leaked.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=4.23.12
- rebelcode/RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autobloggingv5Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.