Impact
Improper neutralization of user input in the FeedWordPress Advanced Filters plugin allows attackers to embed malicious scripts that are reflected back to the browser. This reflected cross‑site scripting flaw is defined by CWE‑79 and is rated CVSS 7.1, indicating high severity.
Affected Systems
All installations of the FeedWordPress Advanced Filters WordPress plugin up to and including version 0.6.2 are affected. The plugin is authored by Bas Schuiling and is commonly used to extend WordPress feed handling. Any site running these versions without the fix remains vulnerable.
Risk and Exploitability
The EPSS score is below 1 % and the vulnerability has not been recorded in the CISA KEV catalogue, which suggests it is not currently widely exploited. Since the flaw can be triggered through a crafted URL or form input, the risk remains notable for sites that expose the filter interface to untrusted users. The likely attack vector is a crafted URL or form input that triggers the reflected XSS.
OpenCVE Enrichment