VYPR

Rss Aggregator

by WordPress

Source repositories

CVEs (6)

  • CVE-2026-2433MedMar 7, 2026
    risk 0.40cvss 6.1epss 0.00

    The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin-shell.js registering a global…

  • CVE-2025-14745MedJan 23, 2026
    risk 0.35cvss 6.4epss 0.00

    The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and…

  • CVE-2025-14375MedJan 16, 2026
    risk 0.33cvss 6.1epss 0.00

    The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output…

  • CVE-2024-6621MedJul 16, 2024
    risk 0.28cvss 4.3epss 0.00

    The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprss_activate_feed_source' and 'wprss_pause_feed_source' functions in all versions up…

  • CVE-2024-9583Oct 23, 2024
    risk 0.00cvss epss 0.00

    The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12.…

  • CVE-2024-4860May 14, 2024
    risk 0.00cvss epss 0.00

    The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the  'notice_id'  GET parameter.