Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

rebelcode — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting rebelcode. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rebelcode develops software components primarily for web applications, with a core focus on content management and e-commerce solutions. Historically, their products have been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for the majority of their 9 recorded CVEs. Security researchers have noted consistent patterns in input validation failures and insufficient access controls across their codebase. While no major public security incidents have been documented, the accumulation of multiple CVEs within a relatively short timeframe suggests systemic security challenges that require prioritized remediation efforts.

Top products by rebelcode: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging Spotlight Social Media Feeds
CVE IDTitleCVSSSeverityPublished
CVE-2026-2433 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage — RSS Aggregator – RSS Import, News Feeds, Feed to Post, and AutobloggingCWE-79 6.1 Medium2026-03-07
CVE-2026-1216 RSS Aggregator <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter — RSS Aggregator – RSS Import, News Feeds, Feed to Post, and AutobloggingCWE-79 7.2 High2026-02-17
CVE-2025-14745 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wp-rss-aggregator Shortcode — RSS Aggregator – RSS Import, News Feeds, Feed to Post, and AutobloggingCWE-79 6.4 Medium2026-01-23
CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className — RSS Aggregator – RSS Import, News Feeds, Feed to Post, and AutobloggingCWE-79 6.1 Medium2026-01-16
CVE-2025-26758 WordPress Spotlight Social Feeds plugin <= 1.7.1 - Sensitive Data Exposure vulnerability — Spotlight Social Media FeedsCWE-497 5.3 Medium2025-02-17
CVE-2024-9583 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.12 - Missing Authorization — RSS Aggregator – RSS Import, News Feeds, Feed to Post, and AutobloggingCWE-862 4.3 Medium2024-10-23
CVE-2024-6621 WP RSS Aggregator <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update — RSS Aggregator – RSS Import, News Feeds, Feed to Post, and AutobloggingCWE-862 4.3 Medium2024-07-16
CVE-2024-31381 WordPress Spotlight Social Feeds plugin <= 1.6.10 - Cross Site Request Forgery (CSRF) vulnerability — Spotlight Social Media FeedsCWE-352 4.3 Medium2024-04-15
CVE-2024-0630 WP RSS Aggregator <= 4.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting via RSS Feed Source — RSS Aggregator – RSS Import, News Feeds, Feed to Post, and AutobloggingCWE-79 4.4 Medium2024-02-05

This page lists every published CVE security advisory associated with rebelcode. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.