CVE-2026-2433 | RSS Aggregator Plugin up to 5.0.11 on WordPress admin-shell.js postMessage cross site scripting

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability categorized as problematic has been discovered in RSS Aggregator Plugin up to 5.0.11 on WordPress. Affected is the function postMessage of the file admin-shell.js. Executing a manipulation can lead to cross site scripting.

This vulnerability is handled as CVE-2026-2433. The attack can be executed remotely. There is not any exploit available.

CVE-2026-2433 | RSS Aggregator Plugin up to 5.0.11 on WordPress admin-shell.js postMessage cross site scripting

Post correlati

CVE-2023-50236 | Siemens Polarion ALM default permission (ssa-871717)

CVE-2025-9797 | mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0 Edit Product Page /admin/product/edit/ injection (Issue 288)

CVE-2025-21189 | Microsoft Windows up to Server 2025 MapUrlToZone resolution of path

CVE-2024-8041 | GitLab Community Edition/Enterprise Edition up to 17.1.5/17.2.3/17.3.0 Import resource consumption