cleantalk
Vulnerabilities and Security Researches

RSS Feed Widget, CVE-2024-9836

CVE, Research URL

CVE-2024-9836

Home page URL

Security reports for RSS Feed Widget

Application

RSS Feed Widget

Published on
Nov 12, 2024
Research Description
The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
max 3.0.0.
Status
vulnerable
Previous vulnerability researches
RSS Feed Widget (CVE-2024-9835) , Nov 13, 2024
RSS Feed Widget (CVE-2024-9836) , Nov 13, 2024
RSS Feed Widget (CVE-2024-10057) , Oct 20, 2024
RSS Feed Widget (CVE-2025-69349) , Jan 09, 2026
RSS Feed Widget (CVE-2024-32690) , Jun 07, 2024
New vulnerability
Secure Copy Content Protection and Content Locking (CVE-2025-14442) , Jan 11, 2026
Secure Copy Content Protection and Content Locking (CVE-2025-14159) , Jan 11, 2026
VK Google Job Posting Manager (CVE-2025-68070) , Jan 11, 2026
WPCal.io – Easy Meeting Scheduler (CVE-2025-66103) , Jan 11, 2026
Calendar (CVE-2025-14548) , Jan 11, 2026