VYPR

Wpematico Rss Feed Fetcher

by WordPress

CVEs (5)

  • CVE-2025-13031MedDec 9, 2025
    risk 0.38cvss 5.9epss 0.00

    The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

  • CVE-2025-11917MedNov 5, 2025
    risk 0.35cvss 6.4epss 0.00

    The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to…

  • CVE-2021-24793MedNov 1, 2021
    risk 0.31cvss 4.8epss 0.01

    The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

  • CVE-2025-49922MedOct 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3.

  • CVE-2025-57937MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.10.