CVE-2024-0628

Name of the Vulnerable Software and Affected Versions WP RSS Aggregator plugin for WordPress versions up to, and including, 4.23.5

Description The issue allows authenticated attackers with administrator-level access and above to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services via the RSS feed source in admin settings.

Recommendations For versions up to, and including, 4.23.5, update to a version later than 4.23.5 to resolve the issue. As a temporary workaround, consider restricting access to the admin settings and the RSS feed source to minimize the risk of exploitation.