The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprss_activate_feed_source' and 'wprss_pause_feed_source' functions in all versions up to, and including, 4.23.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or pause existing RSS feeds.
Metrics
Affected Vendors & Products
References
History
Wed, 07 Aug 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rebelcode
Rebelcode rss Aggregator |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:rebelcode:rss_aggregator:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Rebelcode
Rebelcode rss Aggregator |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-07-16T11:00:58.101Z
Updated: 2024-08-01T21:41:04.059Z
Reserved: 2024-07-09T15:57:47.785Z
Link: CVE-2024-6621
Vulnrichment
Updated: 2024-08-01T21:41:04.059Z
NVD
Status : Modified
Published: 2024-07-16T11:15:10.357
Modified: 2024-11-21T09:50:01.200
Link: CVE-2024-6621
Redhat
No data.