WordPress Plugin Vulnerabilities

Feedweb 2.4.1-3.0.6 - SQL Injection

Description

The feedweb WordPress plugin was affected by a SQL Injection security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
feedweb
Fixed in 3.0.7

References

URL
http://wordpressa.quantika14.com/repository/index.php?id=26

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
828f8c4e-35f4-42f2-8ab5-dbe5cd9e9e24

Timeline

Publicly Published
2015-01-15 (about 11 years ago)
Added
2015-01-15 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2025-07-08
Title
WP Pipes <= 1.4.3 - Unauthenticated SQL Injection
Published
2025-05-16
Title
CountDown Pro WP Plugin <= 2.7 - Authenticated (Contributor+) SQL Injection
Published
2021-08-22
Title
Display users <= 2.0.0 - Authenticated SQL Injection
Published
2024-12-02
Title
Product Labels For Woocommerce < 1.5.9 - Authenticated (Administrator+) SQL Injection
Published
2024-07-08
Title
Houzez Theme - Functionality < 3.2.3 - Authenticated (Seller+) SQL Injection