cleantalk
Vulnerabilities and Security Researches

RSS Feed Widget, CVE-2024-9835

CVE, Research URL

CVE-2024-9835

Home page URL

Security reports for RSS Feed Widget

Application

RSS Feed Widget

Published on
Nov 12, 2024
Research Description
The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Affected versions
max 3.0.1.
Status
vulnerable
Previous vulnerability researches
RSS Feed Widget (CVE-2024-9835) , Nov 13, 2024
RSS Feed Widget (CVE-2024-9836) , Nov 13, 2024
RSS Feed Widget (CVE-2024-10057) , Oct 20, 2024
RSS Feed Widget (CVE-2025-69349) , Jan 09, 2026
RSS Feed Widget (CVE-2024-32690) , Jun 07, 2024
New vulnerability
Secure Copy Content Protection and Content Locking (CVE-2025-14442) , Jan 11, 2026
Secure Copy Content Protection and Content Locking (CVE-2025-14159) , Jan 11, 2026
VK Google Job Posting Manager (CVE-2025-68070) , Jan 11, 2026
WPCal.io – Easy Meeting Scheduler (CVE-2025-66103) , Jan 11, 2026
Calendar (CVE-2025-14548) , Jan 11, 2026