Vulnerabilities > Wprssaggregator > WP RSS Aggregator > 4.19.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-0628 | Server-Side Request Forgery (SSRF) vulnerability in Wprssaggregator WP RSS Aggregator The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. | 3.8 |
| 2024-02-05 | CVE-2024-0630 | Cross-site Scripting vulnerability in Wprssaggregator WP RSS Aggregator The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. | 4.8 |
| 2022-02-28 | CVE-2022-0189 | Cross-site Scripting vulnerability in Wprssaggregator WP RSS Aggregator The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting | 4.3 |