Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8
CVE-2024-9835
- EPSS 0.07%
- Published 12.11.2024 06:15:04
- Last modified 15.05.2025 16:35:15
The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
5.4
CVE-2024-10057
- EPSS 0.08%
- Published 18.10.2024 10:15:03
- Last modified 21.10.2024 20:53:22
The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplie...
5.9
CVE-2024-32690
- EPSS 0.12%
- Published 22.04.2024 08:15:37
- Last modified 21.11.2024 09:15:29
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS.This issue affects RSS Feed Widget: from n/a through 2.9.7.
1