cleantalk
Vulnerabilities and Security Researches

WP Filter & Combine RSS Feeds, CVE-2025-7828

CVE, Research URL

CVE-2025-7828

Home page URL

Security reports for WP Filter & Combine RSS Feeds

Application

WP Filter & Combine RSS Feeds

Published on
Aug 23, 2025
Research Description
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the post_listing_page() function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete feeds.
Affected versions
Min -, max 0.4.
Status
vulnerable
Previous vulnerability researches
Cookie Notice Bar (CVE-2024-13849) , Feb 22, 2025
Notice Bar (CVE-2025-49389) , Aug 23, 2025
Notice Bar (CVE-2023-41847) , Jun 07, 2024
New vulnerability
Яндекс.ПДС Пингер / Yandex Site search pinger (CVE-2025-48352) , Aug 24, 2025
Link View (CVE-2025-49039) , Aug 24, 2025
WP Fast Total Search – The Power of Indexed Search (CVE-2025-57893) , Aug 24, 2025
Recurring PayPal Donations (CVE-2025-57891) , Aug 24, 2025
Church Admin (CVE-2025-57896) , Aug 24, 2025