The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them.
References
Configurations
History
21 Nov 2024, 08:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3030538%40feedzy-rss-feeds%2Ftrunk&old=3028200%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/98053141-fe97-4bd4-b820-b6cca3426109?source=cve - Third Party Advisory |
13 Feb 2024, 19:43
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CWE | CWE-862 | |
CPE | cpe:2.3:a:themeisle:rss_aggregator_by_feedzy:*:*:*:*:*:wordpress:*:* | |
First Time |
Themeisle rss Aggregator By Feedzy
Themeisle |
|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3030538%40feedzy-rss-feeds%2Ftrunk&old=3028200%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/98053141-fe97-4bd4-b820-b6cca3426109?source=cve - Third Party Advisory |
05 Feb 2024, 22:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-05 22:16
Updated : 2024-11-21 08:49
NVD link : CVE-2024-1092
Mitre link : CVE-2024-1092
CVE.ORG link : CVE-2024-1092
JSON object : View
Products Affected
themeisle
- rss_aggregator_by_feedzy
CWE
CWE-862
Missing Authorization