VYPR

Rss Feed Widget

by WordPress

Source repositories

CVEs (5)

  • CVE-2020-24314MedAug 26, 2020
    risk 0.40cvss 6.1epss 0.01

    Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.

  • CVE-2024-9836MedNov 12, 2024
    risk 0.38cvss 5.9epss 0.00

    The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site…

  • CVE-2024-32690MedApr 22, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS.This issue affects RSS Feed Widget: from n/a through 2.9.7.

  • CVE-2025-69349MedJan 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through <= 3.0.2.

  • CVE-2024-9835MedNov 12, 2024
    risk 0.31cvss 4.8epss 0.00

    The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers