The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with Contributor access and above, who are normally restricted to only being able to create posts rather than pages, to draft and publish posts with arbitrary content.
                
            Metrics
Affected Vendors & Products
References
        History
                    Tue, 22 Apr 2025 17:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Tue, 31 Dec 2024 17:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Themeisle Themeisle rss Aggregator By Feedzy | |
| Weaknesses | CWE-862 | |
| CPEs | cpe:2.3:a:themeisle:rss_aggregator_by_feedzy:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products | Themeisle Themeisle rss Aggregator By Feedzy | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: Wordfence
Published: 2024-02-20T18:56:21.078Z
Updated: 2025-04-22T16:25:08.275Z
Reserved: 2024-02-07T16:38:39.144Z
Link: CVE-2024-1318
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-08-01T18:33:25.377Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2024-02-29T01:43:47.457
Modified: 2024-12-31T16:56:50.763
Link: CVE-2024-1318
 Redhat
                        Redhat
                    No data.