First published: Sat Jan 06 2024
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings updates due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers with author-level access or above to change the plugin's settings, including proxy settings, which are also exposed to authors.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Feedzy RSS Aggregator | <4.3.3 | |
CVE-2023-6798 has been classified as a high-severity vulnerability due to the potential for unauthorized settings updates.
To fix CVE-2023-6798, update the RSS Aggregator by Feedzy plugin to version 4.3.3 or later.
All users of the RSS Aggregator by Feedzy plugin for WordPress versions up to and including 4.3.2 are affected by CVE-2023-6798.
CVE-2023-6798 allows attackers to update settings without authorization due to a missing capability check.
There have been reports indicating that CVE-2023-6798 could potentially be exploited in the wild.