cleantalk
Vulnerabilities and Security Researches

WPeMatico RSS Feed Fetcher, CVE-2021-24793

CVE, Research URL

CVE-2021-24793

Home page URL

Security reports for WPeMatico RSS Feed Fetcher

Application

WPeMatico RSS Feed Fetcher

Published on
Nov 01, 2021
Research Description
The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions
max 2.6.12.
Status
vulnerable
Previous vulnerability researches
WPeMatico RSS Feed Fetcher (CVE-2021-24793) , Jun 07, 2024
WPeMatico RSS Feed Fetcher (CVE-2025-49922) , Nov 11, 2025
WPeMatico RSS Feed Fetcher (CVE-2025-57937) , Apr 25, 2026
WPeMatico RSS Feed Fetcher (CVE-2025-8103) , Jul 26, 2025
WPeMatico RSS Feed Fetcher (CVE-2025-13031) , Dec 11, 2025
New vulnerability
SnapWidget Social Photo Feed Widget (CVE-2025-58241) , Apr 25, 2026
Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider (CVE-2025-59573) , Apr 25, 2026
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2025-7721) , Apr 25, 2026
World first Lifetime free Form Builder for WordPress (CVE-2025-58957) , Apr 25, 2026
Ultimate Classified Listings (CVE-2025-9874) , Apr 25, 2026