CVE-2025-49312

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress rss-feed-post-generator-echo allows Reflected XSS.This issue affects Echo RSS Feed Post Generator Plugin for WordPress: from n/a through <= 5.4.8.1.

CVSS

No CVSS.

References

Link	Resource
https://patchstack.com/database/Wordpress/Plugin/rss-feed-post-generator-echo/vulnerability/wordpress-echo-rss-feed-post-generator-plugin-for-wordpress-plugin-5-4-8-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Configurations

No configuration.

History

01 Apr 2026, 17:25

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress permite XSS reflejado. Este problema afecta al plugin generador de publicaciones de feeds RSS Echo para WordPress desde la versión n/d hasta la 5.4.8.1.
Summary	(en) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress allows Reflected XSS. This issue affects Echo RSS Feed Post Generator Plugin for WordPress: from n/a through 5.4.8.1.	(en) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress rss-feed-post-generator-echo allows Reflected XSS.This issue affects Echo RSS Feed Post Generator Plugin for WordPress: from n/a through <= 5.4.8.1.
References	{'url': 'https://patchstack.com/database/wordpress/plugin/rss-feed-post-generator-echo/vulnerability/wordpress-echo-rss-feed-post-generator-plugin-for-wordpress-plugin-5-4-8-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve', 'source': 'audit@patchstack.com'}	() https://patchstack.com/database/Wordpress/Plugin/rss-feed-post-generator-echo/vulnerability/wordpress-echo-rss-feed-post-generator-plugin-for-wordpress-plugin-5-4-8-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve -
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : unknown

17 Jun 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-17 15:15

Updated : 2026-04-01 17:25

NVD link : CVE-2025-49312

Mitre link : CVE-2025-49312

CVE.ORG link : CVE-2025-49312

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JSON object

Attach tags to CVE-2025-49312

Attach tags to `CVE-2025-49312`