Key information

Vulnerability name: Sync Feedly <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger
CVE ID: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:A/N
CVSS score: 4.3
Vulnerability type: Cross-Site Request Forgery (CSRF)
Publicly published: September 26, 2025
Last updated: September 27, 2025
Researcher: Nabil Inawan - Heroes Cyber Security
Affected versions: <= 1.0.1
Patch status: No patch available
Mitigation: Uninstall the affected software and find a replacement.
Software type: Plugin
Software slug: sync-feedly

Description: The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the cron_cron_job_func function. This makes it possible for unauthenticated attackers to trigger content synchronization from Feedly, potentially creating multiple posts, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.