CVE-2025-14375

Name of the Vulnerable Software and Affected Versions RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress versions through 5.0.10

Description The WordPress RSS Aggregator plugin is susceptible to a Reflected Cross-Site Scripting issue. Insufficient input sanitization and output escaping in the className parameter allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a malicious link, which then executes the injected script.

Recommendations Update the RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin to version 5.0.11 or later.