Coderevolution Echo Rss Feed Post Generator vulnerabilities
2 known vulnerabilities affecting coderevolution/echo_rss_feed_post_generator.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2024-9265P1CRITICALCVSS 9.8Exploitedfixed in 5.4.7≤ 5.4.62024-10-01
CVE-2024-9265 [CRITICAL] CWE-269 CVE-2024-9265: The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all v
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as
nvd
CVE-2025-4391P2CRITICALCVSS 9.8≤ 5.4.8.12025-05-17
CVE-2025-4391 [CRITICAL] CWE-434 CVE-2025-4391: The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make rem
nvd