RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging

Vulnerabilities 13Slug wp-rss-aggregatorLatest version 5.0.12WordPress.org →

Minimum safe version

5.0.12

Update to 5.0.12 or later to address 13 fixable vulnerabilities

Latest available5.0.12 ✓

N/A

2026-02-16< 5.0.11

RSS Aggregator <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter

Wordfence CVE

N/A

2026-03-06< 5.0.12

RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage

Wordfence CVE

Medium 6.4

2026-01-23< 5.0.11

CVE-2025-14745

CVE Wordfence

Medium 6.1

2026-01-16< 5.0.11

CVE-2025-14375

CVE Wordfence

Medium 5.4

2024-10-23< 4.23.13

CVE-2024-9583

CVE Patchstack Wordfence

Medium 4.3

2024-07-16< 4.23.12

CVE-2024-6621

CVE Patchstack Wordfence

Medium 6.1

2024-05-14< 4.23.9

CVE-2024-4860

CVE Wordfence

Low 3.8

2024-02-07< 4.23.6

CVE-2024-0628

CVE Wordfence Patchstack WPScan

Medium 4.8

2024-02-05< 4.23.5

CVE-2024-0630

CVE Patchstack Wordfence WPScan

N/A

2014-12-16< 4.6.4

WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More <= 4.6.3 - Authorization Bypass

Wordfence

Medium 4.8

2021-11-29< 4.20

CVE-2021-24768

CVE Patchstack Wordfence WPScan

Medium 5.4

2021-12-27< 4.20

CVE-2021-24988

CVE Patchstack Wordfence WPScan

Medium 6.1

2022-02-28< 4.20

CVE-2022-0189

CVE Patchstack Wordfence WPScan