Wprssaggregator Wp Rss Aggregator — known CVE vulnerabilities
Every CVE whose affected-product data names Wprssaggregator Wp Rss Aggregator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-0189 — CVSS 6.1 (medium): The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX…
CVE-2021-24988 — CVSS 5.4 (medium): The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin…
CVE-2021-24768 — CVSS 4.8 (medium): The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious…
CVE-2024-0630 — CVSS 4.4 (medium): The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and…
CVE-2024-0628 — CVSS 3.8 (low): The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via…