Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High0
Medium4
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2025-12-12

CVE-2025-13031 - Wpematico Rss Feed Fetcher Plugin

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

PLUGIN Wpematico Rss Feed Fetcher

CVE-2025-13031

MEDIUM CVSS 5.9 2025-12-09
Open Full Technical Breakdown
Threat Entry Updated 2025-11-06

CVE-2025-11917 - Wpematico Rss Feed Fetcher Plugin

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.11 via the wpematico_test_feed() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

PLUGIN Wpematico Rss Feed Fetcher

CVE-2025-11917

MEDIUM CVSS 6.4 2025-11-05
Open Full Technical Breakdown
Threat Entry Updated 2025-07-29

CVE-2025-8103 - Wpematico Rss Feed Fetcher Plugin

The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handle_feedback_submission() function. This makes it possible for unauthenticated attackers to deactivate the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Wpematico Rss Feed Fetcher

CVE-2025-8103

MEDIUM CVSS 4.3 2025-07-26
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24793 - Wpematico Rss Feed Fetcher Plugin

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN Wpematico Rss Feed Fetcher

CVE-2021-24793

MEDIUM CVSS 4.8 2021-11-01
Open Full Technical Breakdown
Scroll to top