What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress rss-feed-post-generator-echo allows Reflected XSS.This issue affects Echo RSS Feed Post Generator Plugin for WordPress: from n/a through <= 5.4.8.1.
Explanation of Vulnerability in Simple Terms
02Summary
The Echo RSS Feed Post Generator plugin for WordPress contains a cross-site scripting (XSS) vulnerability in versions up to 5.4.8.1. An attacker can inject malicious scripts into RSS feed content that execute in the browsers of site visitors. The vulnerability requires user interaction—typically a visitor viewing a page with the affected plugin—and can affect other users on the site. Update the plugin to a version newer than 5.4.8.1.
What an attacker can do
03Attacker Capabilities
Inject malicious JavaScript that runs in visitors' browsers when they view pages with RSS feed content.
Potential impact on your site
04Site Impact
Attackers can steal visitor session cookies, redirect users, or deface content displayed on your site.
Conditions required to exploit
05Prerequisites
No authentication required. A site visitor must view a page containing the vulnerable RSS feed display.
Key dates
06Disclosure timeline
June 17, 2025
CVE published
April 28, 2026
Record updated