Vulnerabilities > CVE-2021-24768 - Unspecified vulnerability in Wprssaggregator WP RSS Aggregator

047910
CVSS 4.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
wprssaggregator
NVD
Published: 2021-11-29
Updated: 2024-11-21

Summary

The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.

Vulnerable Configurations

Part Description Count
Application
Wprssaggregator
134

References