Search
Find a vulnerability
Search criteria
5 vulnerabilities found for Multi Feed Reader by Eric Teubert
CVE-2024-53718 (GCVE-0-2024-53718)
Vulnerability from nvd – Published: 2024-12-02 13:48 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress Multi Feed Reader plugin <= 2.2.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader multi-feed-reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through <= 2.2.4.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eric Teubert | Multi Feed Reader |
Affected:
0 , ≤ 2.2.4
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T14:41:30.299098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T19:01:00.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "multi-feed-reader",
"product": "Multi Feed Reader",
"vendor": "Eric Teubert",
"versions": [
{
"lessThanOrEqual": "2.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Chan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:04.181Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader multi-feed-reader allows Stored XSS.\u003cp\u003eThis issue affects Multi Feed Reader: from n/a through \u003c= 2.2.4.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader multi-feed-reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through \u003c= 2.2.4."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:44.332Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/multi-feed-reader/vulnerability/wordpress-multi-feed-reader-plugin-2-2-4-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress Multi Feed Reader plugin \u003c= 2.2.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-53718",
"datePublished": "2024-12-02T13:48:45.074Z",
"dateReserved": "2024-11-22T13:51:36.870Z",
"dateUpdated": "2026-04-28T16:10:44.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-2195 (GCVE-0-2017-2195)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/multi-feed-reader/#… | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN98617234/index.html | third-party-advisoryx_refsource_JVN |
| https://wpvulndb.com/vulnerabilities/8844 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eric Teubert | Multi Feed Reader |
Affected:
prior to version 2.2.4
|
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/multi-feed-reader/#developers"
},
{
"name": "JVN#98617234",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN98617234/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8844"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multi Feed Reader",
"vendor": "Eric Teubert",
"versions": [
{
"status": "affected",
"version": "prior to version 2.2.4"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/multi-feed-reader/#developers"
},
{
"name": "JVN#98617234",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN98617234/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8844"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multi Feed Reader",
"version": {
"version_data": [
{
"version_value": "prior to version 2.2.4"
}
]
}
}
]
},
"vendor_name": "Eric Teubert"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/multi-feed-reader/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/multi-feed-reader/#developers"
},
{
"name": "JVN#98617234",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN98617234/index.html"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8844",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8844"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2195",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53718 (GCVE-0-2024-53718)
Vulnerability from cvelistv5 – Published: 2024-12-02 13:48 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress Multi Feed Reader plugin <= 2.2.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader multi-feed-reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through <= 2.2.4.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eric Teubert | Multi Feed Reader |
Affected:
0 , ≤ 2.2.4
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T14:41:30.299098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T19:01:00.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "multi-feed-reader",
"product": "Multi Feed Reader",
"vendor": "Eric Teubert",
"versions": [
{
"lessThanOrEqual": "2.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Chan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:04.181Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader multi-feed-reader allows Stored XSS.\u003cp\u003eThis issue affects Multi Feed Reader: from n/a through \u003c= 2.2.4.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader multi-feed-reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through \u003c= 2.2.4."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:44.332Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/multi-feed-reader/vulnerability/wordpress-multi-feed-reader-plugin-2-2-4-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress Multi Feed Reader plugin \u003c= 2.2.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-53718",
"datePublished": "2024-12-02T13:48:45.074Z",
"dateReserved": "2024-11-22T13:51:36.870Z",
"dateUpdated": "2026-04-28T16:10:44.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-2195 (GCVE-0-2017-2195)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/multi-feed-reader/#… | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN98617234/index.html | third-party-advisoryx_refsource_JVN |
| https://wpvulndb.com/vulnerabilities/8844 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eric Teubert | Multi Feed Reader |
Affected:
prior to version 2.2.4
|
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/multi-feed-reader/#developers"
},
{
"name": "JVN#98617234",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN98617234/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/8844"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multi Feed Reader",
"vendor": "Eric Teubert",
"versions": [
{
"status": "affected",
"version": "prior to version 2.2.4"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/multi-feed-reader/#developers"
},
{
"name": "JVN#98617234",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN98617234/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/8844"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multi Feed Reader",
"version": {
"version_data": [
{
"version_value": "prior to version 2.2.4"
}
]
}
}
]
},
"vendor_name": "Eric Teubert"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/multi-feed-reader/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/multi-feed-reader/#developers"
},
{
"name": "JVN#98617234",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN98617234/index.html"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8844",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8844"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2195",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2017-000115
Vulnerability from jvndb - Published: 2017-06-06 14:54 - Updated:2018-01-17 13:58
Severity
Summary
WordPress plugin "Multi Feed Reader" vulnerable to SQL injection
Details
The WordPress plugin "Multi Feed Reader" contains an SQL injection vulnerability (CWE-89).
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000115.html",
"dc:date": "2018-01-17T13:58+09:00",
"dcterms:issued": "2017-06-06T14:54+09:00",
"dcterms:modified": "2018-01-17T13:58+09:00",
"description": "The WordPress plugin \"Multi Feed Reader\" contains an SQL injection vulnerability (CWE-89).\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000115.html",
"sec:cpe": {
"#text": "cpe:/a:multi_feed_reader_project:multi_feed_reader",
"@product": "Multi Feed Reader",
"@vendor": "Eric Teubert",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000115",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN98617234/index.html",
"@id": "JVN#98617234",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2195",
"@id": "CVE-2017-2195",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2195",
"@id": "CVE-2017-2195",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "WordPress plugin \"Multi Feed Reader\" vulnerable to SQL injection"
}