WP-RSSImport” has a security vulnerability

  • Resolved mpfischer

    (@mpfischer)


    1 year, 1 month ago

    Get this message from wordfence today:
    “The Plugin “WP-RSSImport” has a security vulnerability. Type: Plugin Vulnerable”
    The RSSImport plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping.

    Is there a patch aviable?

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

  • @mpfischer thanks for sharing with us, unfortunately, I’m afraid this might not be related to the WP Resource Aggregator plugin. The plugin’s latest version is 4.23.2. Would you mind confirming and also sharing more details on the security report through our support email at [email protected]

    MT

    (@micheletenaglia)

    @mikeyboo I have had the same problem, I will write in private.

    Plugin Author Mark Zahra

    (@markzahra)

    @micheletenaglia, as Mike mentioned earlier, the plugin versions don’t match up between the report and our latest version. If you have any private details to share, you’re welcome to contact us from this page so we can investigate further, otherwise you can post the information here in this forum so that others can follow along.

    Just keep in mind that our plugin is called WP RSS Aggregator, yet the vulnerability report above mentions a different plugin, “WP-RSSImport”.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘WP-RSSImport” has a security vulnerability’ is closed to new replies.