Vulnerabilities > Themeisle > RSS Aggregator BY Feedzy > 3.3.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-1092 | Missing Authorization vulnerability in Themeisle RSS Aggregator BY Feedzy The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. | 4.3 |
| 2024-01-06 | CVE-2023-6798 | Missing Authorization vulnerability in Themeisle RSS Aggregator BY Feedzy The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. | 5.4 |
| 2024-01-06 | CVE-2023-6801 | Cross-site Scripting vulnerability in Themeisle RSS Aggregator BY Feedzy The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-10-20 | CVE-2020-36758 | Cross-Site Request Forgery (CSRF) vulnerability in Themeisle RSS Aggregator BY Feedzy The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. | 4.3 |
| 2023-01-30 | CVE-2022-4667 | Unspecified vulnerability in Themeisle RSS Aggregator BY Feedzy The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |