Themeisle Rss Aggregator By Feedzy
By the Year
In 2024 there have been 3 vulnerabilities in Themeisle Rss Aggregator By Feedzy with an average score of 5.0 out of ten. Last year Rss Aggregator By Feedzy had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Rss Aggregator By Feedzy in 2024 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.18.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 3 | 5.03 |
| 2023 | 3 | 4.85 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Rss Aggregator By Feedzy vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Themeisle Rss Aggregator By Feedzy Security Vulnerabilities
The RSS Aggregator by Feedzy Feed to Post
CVE-2024-1092
4.3 - Medium
- February 05, 2024
The RSS Aggregator by Feedzy Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them.
AuthZ
The RSS Aggregator by Feedzy Feed to Post
CVE-2023-6798
5.4 - Medium
- January 06, 2024
The RSS Aggregator by Feedzy Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings including proxy settings, which are also exposed to authors.
AuthZ
The RSS Aggregator by Feedzy Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting
CVE-2023-6801
5.4 - Medium
- January 06, 2024
The RSS Aggregator by Feedzy Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2
CVE-2020-36758
4.3 - Medium
- October 20, 2023
The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Session Riding
** REJECT ** CVE split into individual CVE IDs for each software record.
CVE-2021-4342
- June 07, 2023
** REJECT ** CVE split into individual CVE IDs for each software record.
The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could
CVE-2022-4667
5.4 - Medium
- January 30, 2023
The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Themeisle Rss Aggregator By Feedzy or by Themeisle? Click the Watch button to subscribe.
