Every CVE whose affected-product data names Rss Feed Widget Project Rss Feed Widget, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2020-24314 — CVSS 6.1 (medium): Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out…
CVE-2024-9836 — CVSS 5.9 (medium): The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back…