PT-2024-15089 · WordPress · The Rss Aggregator By Feedzy – Feed To Post

Colin Xu · Published 2024-04-17 · Updated 2025-01-14 · CVE-2023-6805

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress versions up to, and including, 4.4.7

Description

The plugin is vulnerable to Blind Server-Side Request Forgery via the fetch feed functionality. This allows authenticated attackers with contributor access and above to make web requests to arbitrary locations originating from the web application, potentially modifying information from internal services.

Recommendations

For versions up to, and including, 4.4.7, update to version 4.4.8 to fully resolve the issue, as it fixes the vulnerability for both contributor and author-level users. As a temporary workaround, consider restricting access to the fetch feed functionality until a patch is available.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-6805

Affected Products

The Rss Aggregator By Feedzy – Feed To Post