Filtered by vendor Etruel
Subscriptions
Filtered by product Wpematico Rss Feed Fetcher
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13031 | 2 Etruel, Wordpress | 2 Wpematico Rss Feed Fetcher, Wordpress | 2025-12-10 | N/A |
| The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2025-49922 | 2 Etruel, Wordpress | 2 Wpematico Rss Feed Fetcher, Wordpress | 2025-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3. | ||||
| CVE-2025-11917 | 2 Etruel, Wordpress | 2 Wpematico Rss Feed Fetcher, Wordpress | 2025-11-06 | 6.4 Medium |
| The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-57937 | 2 Etruel, Wordpress | 2 Wpematico Rss Feed Fetcher, Wordpress | 2025-09-23 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through 2.8.10. | ||||
| CVE-2025-8103 | 2 Etruel, Wordpress | 2 Wpematico Rss Feed Fetcher, Wordpress | 2025-07-29 | 4.3 Medium |
| The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handle_feedback_submission() function. This makes it possible for unauthenticated attackers to deactivate the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-24793 | 1 Etruel | 1 Wpematico Rss Feed Fetcher | 2024-11-21 | 4.8 Medium |
| The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
Page 1 of 1.