The FeedWordPress plugin prior to 2022.0123 is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter.
feedwordpress project feedwordpress