WordPress Plugin Vulnerabilities
RSS Feed Widget < 2.8.1 - Authenticated Cross-Site Scripting (XSS)
Description
The RSS Feed Widget WordPress plugin version 2.8.0 and below was vulnerable to Authenticated Cross-Site Scripting (XSS) within the "t" GET parameter.
Proof of Concept
Affects Plugins
Fixed in 2.8.1 References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
zerodetail & ratherbland
Verified
No
WPVDB ID
Timeline
Publicly Published
2020-08-10 (about 5 years ago)
Added
2020-08-26 (about 5 years ago)
Last Updated
2020-08-27 (about 5 years ago)
WPScan 