WordPress Plugin Vulnerabilities

FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)

Description

The plugin is affected by a Reflected Cross-Site Scripting (XSS) within the "visibility" parameter.

Proof of Concept

Affects Plugins

Plugin icon
feedwordpress
Fixed in 2022.0123

References

CVE
CVE-2021-25055
URL
https://plugins.trac.wordpress.org/changeset/2662665

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Hung Chien
Submitter
AKM17
Verified
Yes
WPVDB ID
7ed050a4-27eb-4ecb-9182-1d8fa1e71571

Timeline

Publicly Published
2022-01-18 (about 3 years ago)
Added
2022-01-18 (about 3 years ago)
Last Updated
2022-04-10 (about 3 years ago)

Other

Published
Title
Published
2025-12-21
Title
Draft Notify <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2020-08-26
Title
FooGallery < 1.9.25 - Authenticated Cross-Site Scripting (XSS)
Published
2024-11-26
Title
WP Admin UI Customize < 1.5.14 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2024-05-15
Title
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-08-01
Title
Mingle Forum 1.0.33.3 - wpf.class.php search_words Parameter XSS