VYPR

Wp Rss Aggregator

by Rss Aggregator

Source repositories

CVEs (2)

  • CVE-2024-4860MedMay 14, 2024
    risk 0.28cvss 5.4epss 0.00

    The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the  'notice_id'  GET parameter.

  • CVE-2024-0630MedFeb 5, 2024
    risk 0.22cvss 4.4epss 0.00

    The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…