Description

WordPress Plugin Multi Feed Reader is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Multi Feed Reader version 2.2.3 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.2.4 or latest

References

http://jvn.jp/en/jp/JVN98617234/index.html

https://plugins.svn.wordpress.org/multi-feed-reader/trunk/readme.txt

Related Vulnerabilities

PHP hangs on parsing particular strings as floating point number

TYPO3 Insertion of Sensitive Information into Log File Vulnerability (CVE-2021-32767)

Python Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2010-3493)

WordPress Plugin Instagram Feed Unspecified Vulnerability (1.11.3)

PostgreSQL Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1115)

Severity

High

Classification

CVE-2017-2195 CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection