Vulnerabilities > Themeisle > RSS Aggregator BY Feedzy > 4.2.4

DATE CVE VULNERABILITY TITLE RISK
2024-04-07 CVE-2023-6877 Cross-site Scripting vulnerability in Themeisle RSS Aggregator BY Feedzy
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed.
network
low complexity
themeisle CWE-79
5.4
5.4
2024-02-05 CVE-2024-1092 Missing Authorization vulnerability in Themeisle RSS Aggregator BY Feedzy
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1.
network
low complexity
themeisle CWE-862
4.3
4.3
2024-01-06 CVE-2023-6798 Missing Authorization vulnerability in Themeisle RSS Aggregator BY Feedzy
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2.
network
low complexity
themeisle CWE-862
5.4
5.4
2024-01-06 CVE-2023-6801 Cross-site Scripting vulnerability in Themeisle RSS Aggregator BY Feedzy
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping.
network
low complexity
themeisle CWE-79
5.4
5.4