cleantalk
Vulnerabilities and Security Researches

WPeMatico RSS Feed Fetcher, CVE-2021-24793

CVE, Research URL

CVE-2021-24793

Home page URL

Security reports for WPeMatico RSS Feed Fetcher

Application

WPeMatico RSS Feed Fetcher

Published on
Nov 01, 2021
Research Description
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions
Min -, max 2.6.12.
Status
vulnerable
Previous vulnerability researches
WPeMatico RSS Feed Fetcher (CVE-2021-24793) , Jun 07, 2024
WPeMatico RSS Feed Fetcher (CVE-2025-8103) , Jul 26, 2025
New vulnerability
Frontend File Manager Plugin (CVE-2023-7306) , Jul 27, 2025
Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition (CVE-2025-6441) , Jul 27, 2025
Timber (CVE-2024-45411) , Jul 27, 2025
Advanced iFrame (CVE-2025-6987) , Jul 27, 2025
ReachShip WooCommerce Multi-Carrier & Conditional Shipping (CVE-2025-53213) , Jul 27, 2025