SQL Injection Vulnerability in Multi Feed Reader by WordPress
CVE-2017-2195

8.8HIGH

Key Information:

Vendor: WordPress
Status: Multi Feed Reader
Vendor: CVE Published:; 9 June 2017

🔔 Create WordPress Vulnerability Alert

What is CVE-2017-2195?

An SQL injection vulnerability was identified in Multi Feed Reader, allowing authenticated attackers to execute arbitrary SQL commands through unspecified vectors. This flaw could lead to exposure of sensitive data and manipulation of the database, posing significant security risks for users of the affected versions.

Affected Version(s)

Multi Feed Reader prior to version 2.2.4

References

https://wordpress.org/plugins/multi-feed-reader/#developers

x_refsource_CONFIRM

http://jvn.jp/en/jp/JVN98617234/index.html

third-party-advisoryx_refsource_JVN

https://wpvulndb.com/vulnerabilities/8844

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2017
Vulnerability Reserved
Dec 1, 2016

.