WP RSS Aggregator

RebelCode

Developer

5.2.0

Latest version

40,000

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

0 present

11 patched

6 Mitigation rules

WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage vulnerability
<= 5.0.11
09/03/2026
Reflected Cross-Site Scripting via 'template' Parameter vulnerability
<= 5.0.10
18/02/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode vulnerability
<= 5.0.10
23/01/2026
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.10 - Reflected Cross-Site Scripting via className vulnerability
<= 5.0.10
16/01/2026
Missing Authorization vulnerability
<= 4.23.12
22/10/2024
Missing Authorization to Authenticated (Subscriber+) Feed State Update vulnerability
<= 4.23.11
16/07/2024
Authenticated (Admin+) Server-Side Request Forgery via RSS Feed Source vulnerability
<= 4.23.5
07/02/2024
Authenticated (Admin+) Stored Cross-Site Scripting via RSS Feed Source vulnerability
<= 4.23.4
26/01/2024
Reflected Cross-Site Scripting (XSS) vulnerability
<= 4.19.3
26/01/2022
Stored Cross-Site Scripting (XSS) vulnerability
<= 4.19.2
29/11/2021
Stored Cross-Site Scripting (XSS) vulnerability
<= 4.19.1
01/11/2021