CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46452 – WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-46452
24 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1. The Google News plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator... • https://patchstack.com/database/wordpress/plugin/google-news/vulnerability/wordpress-google-news-plugin-2-5-1-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-28860 – WordPress Google News Editors Picks Feed Generator plugin <= 2.1 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-28860
11 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator allows Stored XSS. This issue affects Google News Editors Picks Feed Generator: from n/a through 2.1. The Google News Editors Picks Feed Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject ma... • https://patchstack.com/database/wordpress/plugin/google-news-editors-picks-news-feeds/vulnerability/wordpress-google-news-editors-picks-feed-generator-plugin-2-1-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36912 – Andrea Pernici News Sitemap for Google plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36912
04 May 2022 — Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenado en el plugin Andrea Pernici News Sitemap for Google versiones anteriores a 1.0.16 incluyéndola en WordPress, los atacantes deben tener el rol de usuario contributor o superior • https://patchstack.com/database/vulnerability/google-news-sitemap/wordpress-andrea-pernici-news-sitemap-for-google-plugin-1-0-16-authenticated-stored-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •