Vulnerabilities and security researches forwpematico wpematico

Jun 07, 2024

CVE, Research URL: CVE-2021-24793
Home page URL: Security reports for WPeMatico RSS Feed Fetcher
Application: WPeMatico RSS Feed Fetcher
Date: Nov 01, 2021
Research Description: The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions: max 2.6.12.
Status: vulnerable

Jul 26, 2025

CVE, Research URL: CVE-2025-8103
Home page URL: Security reports for WPeMatico RSS Feed Fetcher
Application: WPeMatico RSS Feed Fetcher
Date: Jul 26, 2025
Research Description: The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handle_feedback_submission() function. This makes it possible for unauthenticated attackers to deactivate the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.8.8.
Status: vulnerable

Nov 11, 2025

CVE, Research URL: CVE-2025-49922
Home page URL: Security reports for WPeMatico RSS Feed Fetcher
Application: WPeMatico RSS Feed Fetcher
Date: Oct 22, 2025
Research Description: Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3.
Affected versions: max 2.8.3.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-13031
Home page URL: Security reports for WPeMatico RSS Feed Fetcher
Application: WPeMatico RSS Feed Fetcher
Date: Dec 09, 2025
Research Description: The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
Affected versions: max 2.8.13.
Status: vulnerable

Apr 25, 2026

CVE, Research URL: CVE-2025-57937
Home page URL: Security reports for WPeMatico RSS Feed Fetcher
Application: WPeMatico RSS Feed Fetcher
Date: Sep 23, 2025
Research Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.10.
Affected versions: max 2.8.11.
Status: vulnerable