Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rss aggregator rss aggregator vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2008-2884
PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote malicious users to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.
Rss Aggregator Rss Aggregator
1 EDB exploit
9.3
CVSSv2
CVE-2008-3033
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote malicious users to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafra...
Rss Aggregator Rss Aggregator 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-3034
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote malicious users to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
Rss Aggregator Rss Aggregator 1.0
2 EDB exploits
NA
CVE-2024-0628
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make w...
Wprssaggregator Wp Rss Aggregator
NA
CVE-2024-0630
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admini...
Wprssaggregator Wp Rss Aggregator
4.3
CVSSv2
CVE-2022-0189
The WP RSS Aggregator WordPress plugin prior to 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting
Wprssaggregator Wp Rss Aggregator
3.5
CVSSv2
CVE-2021-24768
The WP RSS Aggregator WordPress plugin prior to 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting...
Wprssaggregator Wp Rss Aggregator
3.5
CVSSv2
CVE-2021-24988
The WP RSS Aggregator WordPress plugin prior to 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowi...
Wprssaggregator Wp Rss Aggregator
NA
CVE-2023-6798
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This...
Themeisle Rss Aggregator By Feedzy
NA
CVE-2023-6801
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and o...
Themeisle Rss Aggregator By Feedzy
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »