CVE Catalog

CVE-2026-57349

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The WPeMatico RSS Feed Fetcher plugin versions up to 2.8.17 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can inject malicious script without authentication.

Risk Assessment

Risk includes session hijacking, redirection to malicious sites, and theft of sensitive data. The attack can be performed remotely without authentication.

Recommendation

Immediately update the WPeMatico RSS Feed Fetcher plugin to the latest available version. Consider deploying Web Application Firewalls (WAF) to block XSS attacks.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS