CVE-2023-6801: 
WordPress vulnerability analysis and mitigation

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2023-6801) discovered in January 2024. This vulnerability affects all versions up to and including 4.3.2. The issue stems from insufficient input sanitization and output escaping in the plugin's admin settings (NVD).

The vulnerability is classified as a Stored Cross-Site Scripting (CWE-79) issue that exists in the admin settings of the plugin. The CVSS v3.1 base score is 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability requires low attack complexity but also requires privileges and user interaction to exploit (NVD, Wordfence).

The vulnerability allows authenticated attackers with author-level permissions or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially leading to unauthorized actions or data theft (NVD).

Users should update to version 4.3.3 or later of the RSS Aggregator by Feedzy plugin which contains patches for this vulnerability (NVD).