CVE-2020-36758 in RSS Aggregator Plugininfo

Zusammenfassung

von MITRE • 25.10.2023

The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Zuständig

Wordfence

Reservieren

11.07.2023

Veröffentlichung

25.10.2023

Moderieren

akzeptiert

Eintrag

VDB-243051

CPE

bereit

EPSS

0.00397

KEV

nein

Aktivitäten

very low

Quellen

Might our Artificial Intelligence support you?

Check our Alexa App!