PT-2024-39875 · WordPress · Rss Feed Widget

Bob Matyas · Published 2024-11-11 · Updated 2025-05-15 · CVE-2024-9835

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

RSS Feed Widget WordPress plugin versions prior to 3.0.1

Description

The plugin does not escape the REQUEST_URI parameter before outputting it back in an attribute. This could lead to Reflected Cross-Site Scripting in old web browsers.

Recommendations

For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the RSS Feed Widget until the update is applied.
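The pattern named in the description, shown beside its escaped form. This is an added example, not the plugin's code: the function names, the form markup and the sample URIs are constructed for illustration, and `htmlspecialchars()` stands in for WordPress's `esc_attr()` / `esc_url()` so the file runs without WordPress loaded.

```php
<?php
// Added illustration, not the plugin's code: names and markup are hypothetical.

// Before: the raw request URI is concatenated into an attribute value.
function render_unescaped(string $requestUri): string
{
    return '<form method="post" action="' . $requestUri . '"></form>';
}

// After: encode for the attribute context. Inside WordPress this is esc_url() or
// esc_attr(); htmlspecialchars() stands in so the file runs without WordPress.
function render_escaped(string $requestUri): string
{
    $safe = htmlspecialchars($requestUri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '"></form>';
}

// Parse the markup and list the attribute names the <form> element ends up with.
function form_attributes(string $html): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('form')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed inputs: the same URI as sent raw and as sent percent-encoded
// (current browsers encode a double quote in the path and query before sending).
$samples = [
    'raw quote'       => '/example/?tab=a" data-injected="1',
    'percent-encoded' => '/example/?tab=a%22%20data-injected=%221',
];

foreach ($samples as $label => $uri) {
    printf("%-16s unescaped: %s\n", $label, implode(',', form_attributes(render_unescaped($uri))));
    printf("%-16s escaped:   %s\n", $label, implode(',', form_attributes(render_escaped($uri))));
}
```

Only the raw-quote input through `render_unescaped()` gains a third attribute on the element. The percent-encoded input stays inside `action` either way, which is consistent with the advisory limiting the impact to old web browsers.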

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-9835

Affected Products

Rss Feed Widget