Rss Aggregator
Source repositories
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2433 | Med | 0.40 | 6.1 | 0.00 | Mar 7, 2026 | The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global… | ||
| CVE-2025-14745 | Med | 0.35 | 6.4 | 0.00 | Jan 23, 2026 | The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and… | ||
| CVE-2025-14375 | Med | 0.33 | 6.1 | 0.00 | Jan 16, 2026 | The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output… | ||
| CVE-2024-6621 | Med | 0.28 | 4.3 | 0.00 | Jul 16, 2024 | The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprss_activate_feed_source' and 'wprss_pause_feed_source' functions in all versions up… | ||
| CVE-2025-11128 | Med | 0.26 | 5.0 | 0.00 | Oct 23, 2025 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the 'feedzy_sanitize_feeds' function. This makes it possible for… | ||
| CVE-2008-3033 | 0.03 | — | 0.03 | Jul 7, 2008 | RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich… | |||
| CVE-2008-3034 | 0.03 | — | 0.01 | Jul 7, 2008 | Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php. | |||
| CVE-2008-2884 | 0.03 | — | 0.03 | Jun 27, 2008 | PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2024-9583 | 0.00 | — | 0.00 | Oct 23, 2024 | The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12.… | |||
| CVE-2024-4860 | 0.00 | — | 0.00 | May 14, 2024 | The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'notice_id' GET parameter. |
- risk 0.40cvss 6.1epss 0.00
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global…
- risk 0.35cvss 6.4epss 0.00
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and…
- risk 0.33cvss 6.1epss 0.00
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output…
- risk 0.28cvss 4.3epss 0.00
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprss_activate_feed_source' and 'wprss_pause_feed_source' functions in all versions up…
- risk 0.26cvss 5.0epss 0.00
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the 'feedzy_sanitize_feeds' function. This makes it possible for…
- CVE-2008-3033Jul 7, 2008risk 0.03cvss —epss 0.03
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich…
- CVE-2008-3034Jul 7, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
- CVE-2008-2884Jun 27, 2008risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.
- CVE-2024-9583Oct 23, 2024risk 0.00cvss —epss 0.00
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12.…
- CVE-2024-4860May 14, 2024risk 0.00cvss —epss 0.00
The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'notice_id' GET parameter.