CVE-2020-36758
RSS Aggregator by Feedzy <= 3.4.2 - Cross-Site Request Forgery Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
El complemento RSS Aggregator de Feedzy para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 3.4.2 incluida. Esto se debe a una validación nonce faltante o incorrecta en la función save_feedzy_post_type_meta(). Esto hace posible que atacantes no autenticados actualicen el metadato de la publicación a través de una solicitud falsificada, siempre que puedan engañar al administrador del sitio para que realice una acción como hacer click en un enlace.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2020-09-16 CVE Published
- 2023-07-11 CVE Reserved
- 2024-09-11 CVE Updated
- 2024-09-11 First Exploit
- 2024-11-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (9)
URL | Date | SRC |
---|---|---|
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks | 2024-09-11 |
URL | Date | SRC |
---|---|---|
https://plugins.trac.wordpress.org/changeset/2369394/feedzy-rss-feeds/trunk/includes/admin/feedzy-rss-feeds-admin.php | 2023-11-07 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Themeisle Search vendor "Themeisle" | Rss Aggregator By Feedzy Search vendor "Themeisle" for product "Rss Aggregator By Feedzy" | <= 3.4.2 Search vendor "Themeisle" for product "Rss Aggregator By Feedzy" and version " <= 3.4.2" | wordpress |
Affected
|