Description
WordPress Plugin RSS Aggregator by Feedzy-Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin RSS Aggregator by Feedzy-Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator version 4.4.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.4.8 or latest
References
Related Vulnerabilities
WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.51)
Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-0248)
WordPress Plugin Advanced Custom Fields PRO Security Bypass (5.12)
WordPress Plugin WP Custom Fields Search Cross-Site Scripting (0.3.28)