WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

Basic Information

ID CVE-2025-13031

Source WPScan

Published Dec 9, 2025 at 06:00

Modified Dec 11, 2025 at 14:36

Affected Product

Vendor Unknown

Product WPeMatico RSS Feed Fetcher

Affected Versions Unknown WPeMatico RSS Feed Fetcher 0

CWE Classification

References

wpscan.com /vulnerability/9bf76fed-8f0a-4aef-8cf4-f6839c8f0a53/

{
    "lastseen": "",
    "description": "The WPeMatico RSS Feed Fetcher WordPress plugin before 2.8.13 does not sanitize and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks",
    "published": "2025-12-09T06:00:07.514Z",
    "modified": "2025-12-11T14:36:26.345Z",
    "type": "cve",
    "title": "WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/9bf76fed-8f0a-4aef-8cf4-f6839c8f0a53/",
    "id": "CVE-2025-13031",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown WPeMatico RSS Feed Fetcher 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WPeMatico RSS Feed Fetcher",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS_CVE-2025-13031