Vulnerabilities > Rebelcode > RSS Aggregator > 4.15.1

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-9583 Missing Authorization vulnerability in Rebelcode RSS Aggregator
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12.
network
low complexity
rebelcode CWE-862
5.4
5.4
2024-07-16 CVE-2024-6621 Unspecified vulnerability in Rebelcode RSS Aggregator
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprss_activate_feed_source' and 'wprss_pause_feed_source' functions in all versions up to, and including, 4.23.11.
network
low complexity
rebelcode
4.3
4.3
2024-05-14 CVE-2024-4860 Cross-site Scripting vulnerability in Rebelcode RSS Aggregator
The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the  'notice_id'  GET parameter.
network
low complexity
rebelcode CWE-79
6.1
6.1