Does WPeMatico RSS Feed Fetcher have any unpatched vulnerabilities?

No. All known vulnerabilities in WPeMatico RSS Feed Fetcher have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPeMatico RSS Feed Fetcher compatible with WordPress 7.0?

According to WordPress.org data, WPeMatico RSS Feed Fetcher 2.8.16 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

Is WPeMatico RSS Feed Fetcher compatible with PHP 7.0+?

WPeMatico RSS Feed Fetcher requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WPeMatico RSS Feed Fetcher updated?

WPeMatico RSS Feed Fetcher was last updated on Mar 4, 2026. Frequent updates are generally a positive security signal.

What is WPeMatico RSS Feed Fetcher's security score?

WPeMatico RSS Feed Fetcher has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPeMatico RSS Feed Fetcher Security & Risk Analysis

wordpress.org/plugins/wpematico

WPeMatico is autoblogging in the blink of an eye! On complete autopilot, WPeMatico delivers fresh content to your site regularly!

10K active installs v2.8.16 PHP 7.0+ WP 4.8+ Updated Mar 4, 2026

feed-to-postrssrss-aggregatorrss-to-blogxml

A · Safe

CVEs total6

Unpatched0

Last CVENov 18, 2025

Plugin page Download

Safety Verdict

Is WPeMatico RSS Feed Fetcher Safe to Use in 2026?

Generally Safe

Score 95/100

WPeMatico RSS Feed Fetcher has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEsLast CVE: Nov 18, 2025Updated 29d ago

Risk Assessment

The plugin wpematico v2.8.16 exhibits a mixed security posture. While it demonstrates good practices by using prepared statements for all SQL queries and implementing a significant number of nonce and capability checks, several concerns warrant attention. The static analysis reveals a substantial attack surface, with 17 AJAX handlers, of which 6 lack authentication checks. This creates a potential entry point for unauthorized actions if these handlers are not properly secured at the application level. Furthermore, the taint analysis, although not revealing critical or high severity flows, did identify one flow with unsanitized paths, indicating a potential for vulnerabilities if not thoroughly reviewed and remediated. The vulnerability history is a significant concern, with 6 known medium severity CVEs, all of which are reported as currently unpatched. These past vulnerabilities span critical areas like SSRF, information exposure, CSRF, missing authorization, and XSS, suggesting a recurring pattern of security weaknesses. The plugin's strengths lie in its robust SQL handling and extensive use of security checks. However, the presence of unpatched medium severity CVEs and the unprotected AJAX handlers present significant risks that overshadow these strengths.

Key Concerns

6 unprotected AJAX handlers
49% output escaping is not proper
1 flow with unsanitized paths
6 unpatched medium CVEs

Vulnerabilities

WPeMatico RSS Feed Fetcher Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

5 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

6 total CVEs

CVE-2025-13031medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPeMatico RSS Feed Fetcher <= 2.8.12 - Authenticated (Editor+) Stored Cross-Site Scripting

Nov 18, 2025 Patched in 2.8.13 (24d)

CVE-2025-11917medium · 6.4Server-Side Request Forgery (SSRF)

WPeMatico RSS Feed Fetcher <= 2.8.11 - Authenticated (Subscriber+) Server-Side Request Forgery via wpematico_test_feed

Nov 4, 2025 Patched in 2.8.12 (1d)

CVE-2025-57937medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

WPeMatico RSS Feed Fetcher <= 2.8.10 - Authenticated (Subscriber+) Sensitive Information Exposure

Sep 22, 2025 Patched in 2.8.11 (5d)

CVE-2025-8103medium · 4.3Cross-Site Request Forgery (CSRF)

WPeMatico RSS Feed Fetcher <= 2.8.7 - Cross-Site Request Forgery to Plugin Deactivation via handle_feedback_submission Function

Jul 25, 2025 Patched in 2.8.8 (1d)

CVE-2025-49922medium · 4.3Missing Authorization

WPeMatico RSS Feed Fetcher <= 2.8.3 - Missing Authorization

May 29, 2025 Patched in 2.8.4 (160d)

CVE-2021-24793medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPeMatico RSS Feed Fetcher <= 2.6.11 - Admin+ Stored Cross-Site Scripting

Sep 29, 2021 Patched in 2.6.12 (846d)

Code Analysis

Analyzed Mar 16, 2026

WPeMatico RSS Feed Fetcher Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

399

379 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared11 total queries

Output Escaping

49% escaped778 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

23 flows1 with unsanitized paths

wpematico_show_data_info (app\debug_page.php:773)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

WPeMatico RSS Feed Fetcher Attack Surface

Entry Points17

Unprotected6

AJAX Handlers 17

authwp_ajax_manage_wpematico_save_bulk_editapp\campaigns_list.php:24

authwp_ajax_get_wpematico_categ_bulk_editapp\campaigns_list.php:25

authwp_ajax_wpematico_runapp\campaign_edit.php:22

authwp_ajax_wpematico_checkfieldsapp\campaign_edit.php:23

authwp_ajax_wpematico_test_feedapp\campaign_edit.php:24

authwp_ajax_wpematico_preview_get_itemapp\campaign_preview_item.php:27

authwp_ajax_wpematico_get_feed_fileapp\debug_page.php:26

authwp_ajax_wpematico_close_tnotificationapp\notification_traslate.php:38

authwp_ajax_handle_feedback_submissionapp\plugin_functions.php:26

authwp_ajax_fetch_taxonomiesapp\plugin_functions.php:513

authwp_ajax_fetch_tagsapp\plugin_functions.php:539

authwp_ajax_process_button_clickapp\settings_page.php:23

noprivwp_ajax_process_button_clickapp\settings_page.php:24

authwp_ajax_wpematico_dismiss_wprate_noticeapp\smart_notifications.php:15

authwp_ajax_wpematico_dismiss_wizard_noticeapp\smart_notifications.php:16

authwp_ajax_download_wpematico_logapp\tools_page.php:23

authwp_ajax_wpematico_xml_check_dataapp\xml-importer.php:16

WordPress Hooks 139

actionadmin_initapp\addons_page.php:34

actionadmin_menuapp\addons_page.php:69

actionadmin_headapp\addons_page.php:139

actionadmin_initapp\addons_page.php:173

filtermanage_plugins_page_wpemaddons_columnsapp\addons_page.php:267

actionmanage_plugins_custom_columnapp\addons_page.php:281

filterall_pluginsapp\addons_page.php:363

filterviews_pluginsapp\addons_page.php:515

actionpre_current_active_pluginsapp\addons_page.php:539

actionadmin_initapp\addons_page.php:576

filterpost_updated_messagesapp\campaigns_list.php:15

actionadmin_noticesapp\campaigns_list.php:16

actionadmin_action_wpematico_copy_campaignapp\campaigns_list.php:17

actionadmin_action_wpematico_toggle_campaignapp\campaigns_list.php:18

actionadmin_action_wpematico_reset_campaignapp\campaigns_list.php:19

actionadmin_action_wpematico_clear_campaignapp\campaigns_list.php:20

actionadmin_action_wpematico_delhash_campaignapp\campaigns_list.php:21

actionin_admin_headerapp\campaigns_list.php:22

actionadmin_initapp\campaigns_list.php:28

filterbulk_actions-edit-wpematicoapp\campaigns_list.php:42

filterhandle_bulk_actions-edit-wpematicoapp\campaigns_list.php:43

filtermanage_edit-wpematico_columnsapp\campaigns_list.php:46

actionmanage_wpematico_posts_custom_columnapp\campaigns_list.php:47

filterpost_row_actionsapp\campaigns_list.php:48

filtermanage_edit-wpematico_sortable_columnsapp\campaigns_list.php:49

actionpre_get_postsapp\campaigns_list.php:50

filterwp_kses_allowed_htmlapp\campaigns_list.php:51

actionrestrict_manage_postsapp\campaigns_list.php:54

actionpre_get_postsapp\campaigns_list.php:55

filterviews_edit-wpematicoapp\campaigns_list.php:58

filterdisable_months_dropdownapp\campaigns_list.php:59

filterdisable_categories_dropdownapp\campaigns_list.php:60

actionadmin_print_styles-edit.phpapp\campaigns_list.php:63

actionadmin_print_scripts-edit.phpapp\campaigns_list.php:64

actionquick_edit_custom_boxapp\campaigns_list.php:67

filtereditable_slugapp\campaigns_list.php:68

actionrestrict_manage_postsapp\campaigns_list.php:71

actioninitapp\campaign_edit.php:9

actionsave_postapp\campaign_edit.php:21

actionadmin_print_styles-post.phpapp\campaign_edit.php:25

actionadmin_print_styles-post-new.phpapp\campaign_edit.php:26

actionadmin_print_scripts-post.phpapp\campaign_edit.php:27

actionadmin_print_scripts-post-new.phpapp\campaign_edit.php:28

actionadmin_headapp\campaign_edit.php:42

actionadmin_headapp\campaign_edit.php:111

actionpost_submitbox_startapp\campaign_edit_functions.php:52

actionpost_submitbox_startapp\campaign_edit_functions.php:53

actionwpematico_campaign_feed_header_columnapp\campaign_edit_functions.php:55

actionwpematico_campaign_feed_body_columnapp\campaign_edit_functions.php:56

actionadmin_footerapp\campaign_edit_functions.php:58

actionwpematico_inserted_postapp\campaign_fetch.php:74

filterwpematico_custom_chrsetapp\campaign_fetch.php:129

filterwpematico_after_item_parsersapp\campaign_fetch.php:130

filterwpematico_after_item_parsersapp\campaign_fetch.php:131

filterwpematico_after_item_parsersapp\campaign_fetch.php:132

filterwpematico_after_item_parsersapp\campaign_fetch.php:133

filterwpematico_get_post_content_feedapp\campaign_fetch.php:136

filterwpematico_get_item_imagesapp\campaign_fetch.php:137

filterwpematico_excludesapp\campaign_fetch.php:138

filterwpematico_duplicatesapp\campaign_fetch.php:141

filterwpematico_set_featured_imgapp\campaign_fetch.php:144

filterwpematico_get_featured_imgapp\campaign_fetch.php:145

filterwpematico_item_filters_pos_imgapp\campaign_fetch.php:146

filtercontent_save_preapp\campaign_fetch.php:833

filterwpematico_featured_image_attach_idapp\campaign_fetch_functions.php:978

actionwpematico_inserted_postapp\campaign_fetch_functions.php:981

actionadmin_post_wpematico_campaign_logapp\campaign_log.php:25

actionadmin_post_wpematico_campaign_previewapp\campaign_preview.php:21

actionwpematico_preview_print_stylesapp\campaign_preview.php:22

actionwpematico_preview_print_scriptsapp\campaign_preview.php:23

actionadmin_post_wpematico_campaign_preview_itemapp\campaign_preview_item.php:24

actionwpematico_preview_item_print_stylesapp\campaign_preview_item.php:25

actionwpematico_preview_item_print_scriptsapp\campaign_preview_item.php:26

filterwpematico_preview_item_campaignapp\campaign_preview_item.php:29

filterwpematico_allow_insertpostapp\campaign_preview_item.php:30

actionadmin_enqueue_scriptsapp\compatibilities.php:12

filterpre_get_postsapp\compatibilities.php:13

actionadmin_enqueue_scriptsapp\compatibilities.php:17

actionadmin_post_wpematico_cronapp\cron.php:25

actionadmin_post_nopriv_wpematico_cronapp\cron.php:26

actionadmin_headapp\debug_page.php:9

actionwpematico_tools_section_feed_viewerapp\debug_page.php:112

actionwpematico_tools_section_danger_zoneapp\debug_page.php:260

actionwpematico_tools_section_debug_fileapp\debug_page.php:361

actionadmin_post_set_danger_dataapp\debug_page.php:1526

actionwpematico_download_debug_infoapp\debug_page.php:1967

actionwpematico_welcome_page_beforeapp\notification_traslate.php:35

actionwpematico_setting_page_beforeapp\notification_traslate.php:36

actionwpematico_settings_tab_pro_licensesapp\notification_traslate.php:37

filterplugin_row_metaapp\plugin_functions.php:20

actionadmin_headapp\plugin_functions.php:23

actionadmin_footerapp\plugin_functions.php:24

actionadmin_print_styles-plugins.phpapp\plugin_functions.php:25

actionplugins_loadedapp\plugin_functions.php:363

filterwpematico_check_campaigndataapp\plugin_functions.php:385

filterwpematico_check_campaigndataapp\plugin_functions.php:387

actionwpematico_settings_tab_pro_licensesapp\settings_page.php:19

actionwpematico_settings_tab_settingsapp\settings_page.php:20

actionadmin_post_save_wpematico_settingsapp\settings_page.php:21

actionadmin_initapp\settings_page.php:22

actionadmin_headapp\settings_page.php:60

actionadmin_headapp\smart_notifications.php:13

actionadmin_noticesapp\smart_notifications.php:38

actionedit_form_topapp\smart_notifications.php:39

actionwpematico_tools_tab_toolsapp\tools_page.php:20

actionwpematico_tools_tab_debug_logapp\tools_page.php:21

actionadmin_initapp\tools_page.php:22

actionadmin_headapp\tools_page.php:158

actionadmin_initapp\wp-backend-helpers.php:15

actionadmin_initapp\wp-backend-helpers.php:16

actionadd_meta_boxesapp\wp-backend-helpers.php:17

actionparse_queryapp\wp-backend-helpers.php:58

actionadmin_headapp\wp-backend-helpers.php:59

actionwp_dashboard_setupapp\wp-backend-helpers.php:225

actionadmin_noticesapp\wpematico_functions.php:671

actionadmin_initapp\wpematico_functions.php:1800

actionwpematico_wp_ratingsapp\wpematico_functions.php:1880

filterwpematico_custom_simplepieapp\xml-importer.php:17

filterwpematico_get_item_imagesapp\xml-importer.php:18

filterpost_mime_typesapp\xml-importer.php:23

filtermime_typesapp\xml-importer.php:24

actionadmin_noticeswpematico.php:54

actioninitwpematico.php:104

actionadmin_initwpematico.php:105

actionthe_permalinkwpematico.php:106

filterpost_linkwpematico.php:107

filterget_canonical_urlwpematico.php:108

filtercron_scheduleswpematico.php:134

actionwpematico_cronwpematico.php:135

actionadmin_action_wpematico_export_settingswpematico_class.php:58

actionadmin_action_wpematico_import_settingswpematico_class.php:59

actionadmin_menuwpematico_class.php:62

actionadmin_initwpematico_class.php:63

actionadmin_print_styleswpematico_class.php:65

actionin_admin_headerwpematico_class.php:66

filterwpematico_check_campaigndatawpematico_class.php:72

filterwpematico_check_optionswpematico_class.php:73

actionrestrict_manage_postswpematico_class.php:78

filterupload_mimeswpematico_class.php:523

Scheduled Events 3

wpematico_cron

Maintenance & Trust

WPeMatico RSS Feed Fetcher Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedMar 4, 2026

PHP min version7.0

Downloads1.3M

Community Trust

Rating96/100

Number of ratings510

Active installs10K

Alternatives

WPeMatico RSS Feed Fetcher Alternatives

RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging

wp-rss-aggregator

The #1 WordPress RSS aggregator to quickly import RSS feeds, build a news aggregator, and for easy autoblogging.

50K 13 CVEs

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator

feedzy-rss-feeds

The most powerful WordPress RSS aggregator, helping you curate content, autoblog, import RSS & display unlimited RSS feeds within a few minutes.

40K 11 CVEs

Auto Robot – WP Autoblogging and RSS Feed News Aggregator

auto-robot

100

Auto blogging and generate WordPress posts automatically from OpenAI ChatGPT, RSS Feed, Instagram, Youtube, Facebook, Twitter, Vimeo, Flickr and etc.

100 No CVEs

RSS Feed Retriever

wp-rss-retriever

The fastest RSS feeds plugin for WordPress. Includes excerpt & thumbnail image. Use as a news aggregator, autoblog, or RSS parsing.

8K 2 CVEs

Import XML and RSS Feeds

import-xml-feed

Import content from any XML or RSS file or URL. Very useful for importing content from Wix websites.

2K 4 CVEs

Developer Profile

WPeMatico RSS Feed Fetcher Developer Profile

etruel

11 plugins · 13K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

116 days

View full developer profile

Detection Fingerprints

How We Detect WPeMatico RSS Feed Fetcher

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpematico/css/admin_style.css/wp-content/plugins/wpematico/css/wpematico-frontend.css/wp-content/plugins/wpematico/css/wpematico-admin.css/wp-content/plugins/wpematico/js/wpematico-frontend.js/wp-content/plugins/wpematico/js/wpematico-admin.js/wp-content/plugins/wpematico/js/wpematico-tinymce.js/wp-content/plugins/wpematico/js/wpematico-cron.js/wp-content/plugins/wpematico/js/wpematico-scripts.js+10 more

Generator Patterns

WPeMatico 2.8.16

Script Paths

/wp-content/plugins/wpematico/js/wpematico-cron.js

Version Parameters

wpematico/css/admin_style.css?ver=wpematico/css/wpematico-frontend.css?ver=wpematico/css/wpematico-admin.css?ver=wpematico/js/wpematico-frontend.js?ver=wpematico/js/wpematico-admin.js?ver=wpematico/js/wpematico-tinymce.js?ver=wpematico/js/wpematico-cron.js?ver=wpematico/js/wpematico-scripts.js?ver=wpematico/js/admin-scripts.js?ver=wpematico/js/select2.min.js?ver=wpematico/js/campaign-edit.js?ver=wpematico/js/jquery.wpematico.min.js?ver=wpematico/js/jquery.dataTables.min.js?ver=wpematico/js/dataTables.bootstrap.min.js?ver=wpematico/js/tinymce/tinymce.min.js?ver=wpematico/js/tinymce/plugins/wpematico/plugin.min.js?ver=wpematico/js/tinymce/langs/en.js?ver=wpematico/js/tinymce/langs/es.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpematico-campaign-titlewpematico-campaign-contentwpematico-campaign-title-editwpematico-campaign-content-editwpematico-settings-wrapwpematico-cron-logwpematico-debug-logwpematico-addons-wrap+10 more

HTML Comments

+12 more

Data Attributes

data-campaign-iddata-feed-urldata-feed-titledata-campaign-actiondata-action-urldata-wpematico-nonce+4 more

JS Globals

wpematico_varsWPeMaticoFrontendWPeMaticoAdminWPeMaticoCronWPeMaticoTinyMCE

REST Endpoints

/wp-json/wpematico/v1/campaigns/wp-json/wpematico/v1/campaign/(?P<id>[\d]+)/wp-json/wpematico/v1/settings/wp-json/wpematico/v1/tools

Shortcode Output

[wpematico][wpematico_feed_link][wpematico_latest_post][wpematico_campaign_list]

FAQ