CVE Catalog
CVE-2026-57349
HighCVSS 7.1Summary
The WPeMatico RSS Feed Fetcher plugin versions up to 2.8.17 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can inject malicious script without authentication.
Risk Assessment
Risk includes session hijacking, redirection to malicious sites, and theft of sensitive data. The attack can be performed remotely without authentication.
Recommendation
Immediately update the WPeMatico RSS Feed Fetcher plugin to the latest available version. Consider deploying Web Application Firewalls (WAF) to block XSS attacks.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.

