CVE-2025-13031 - Vulnerability Details

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Etruel	Wpematico Rss Feed Fetcher
Wordpress	Wordpress

No data.

References

Link	Providers
https://wpscan.com/vulnerability/9bf76fed-8f0a-4aef-8cf4-f6839c8f0a53/

History

Wed, 10 Dec 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Etruel Etruel wpematico Rss Feed Fetcher Wordpress Wordpress wordpress
Vendors & Products		Etruel Etruel wpematico Rss Feed Fetcher Wordpress Wordpress wordpress

Tue, 09 Dec 2025 06:15:00 +0000

Type	Values Removed	Values Added
Description		The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
Title		WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS
References		https://wpscan.com/vulnerability/9bf76fed-8f0a-4aef-8cf4-f6839c8f0a53/

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2025-12-09T06:00:07.514Z

Updated: 2025-12-09T06:00:07.514Z

Reserved: 2025-11-11T15:50:05.832Z

Link: CVE-2025-13031

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-09T16:17:34.980

Modified: 2025-12-09T18:37:13.640

Link: CVE-2025-13031

Redhat

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object