WordPress Plugin Vulnerabilities

Multi Feed Reader <= 2.2.3 - SQL Injection

Description

The Multi Feed Reader WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
multi-feed-reader
Fixed in 2.2.4

References

CVE
CVE-2017-2195
URL
https://jvn.jp/en/jp/JVN98617234/index.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
3f851cbb-d19e-48d6-a5a7-3e52129da67e

Timeline

Publicly Published
2017-06-06 (about 8 years ago)
Added
2017-06-12 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-04-07
Title
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text'
Published
2023-07-18
Title
WP Donate < 1.5 - Unauthenticated SQL Injection
Published
2025-02-03
Title
Payment Forms for Paystack < 4.0.2 - Authenticated (Administrator+) SQL Injection
Published
2025-07-01
Title
Booking calendar, Appointment Booking System < 3.2.18 - Unauthenticated Time-Based SQLi
Published
2024-09-06
Title
Pinpoint Booking System < 2.9.9.5.1- Authenticated (Subscriber+) SQL Injection