CVE-2015-3313

🗓️ 07 Sep 2017 20:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 50 Views🌐 WEB

SQL injection vulnerability in WordPress Community Events plugi

Reporter	Title	Published	Views	Family All 10
0day.today	WordPress Community Events Plugin 1.3.5 - SQL Injection Vulnerability	21 Apr 201500:00	–	zdt
CNVD	WordPress Plugin Community Events 'community-events.php' SQL Injection Vulnerability	30 Apr 201500:00	–	cnvd
Cvelist	CVE-2015-3313	7 Sep 201720:00	–	cvelist
Exploit DB	WordPress Plugin Community Events 1.3.5 - SQL Injection	21 Apr 201500:00	–	exploitdb
exploitpack	WordPress Plugin Community Events 1.3.5 - SQL Injection	21 Apr 201500:00	–	exploitpack
NVD	CVE-2015-3313	7 Sep 201720:29	–	nvd
OpenVAS	WordPress Community Events Plugin < 1.4 SQLi Vulnerability	11 Sep 201700:00	–	openvas
Packet Storm	WordPress Community Events 1.3.5 SQL Injection	20 Apr 201500:00	–	packetstorm
Prion	Sql injection	7 Sep 201720:29	–	prion
WPVulnDB	Community Events <= 1.3.5 - SQL Injection	14 Apr 201500:00	–	wpvulndb

NVD

Node

community_events_project community_eventsRange≤1.3.5wordpress

Source	Link
exploit-db	www.exploit-db.com/exploits/36805/
openwall	www.openwall.com/lists/oss-security/2015/05/08/3
packetstormsecurity	www.packetstormsecurity.com/files/131530/WordPress-Community-Events-1.3.5-SQL-Injection.html
openwall	www.openwall.com/lists/oss-security/2015/04/16/10
securityfocus	www.securityfocus.com/bid/74234
wordpress	www.wordpress.org/plugins/community-events/

Parameter	Position	Path	Description	CWE
eventyear	query param	/?page_id=2&eventyear=2015 AND 1=1 )--&dateset=on&eventday=1	Blind SQL injection through the eventyear parameter in the Community Events plugin search, allowing retrieval of data from the database.	CWE-89

13 May 2026 00:24Current

9.8High risk

Vulners AI Score9.8

CVSS 27.5

CVSS 39.8

EPSS0.18463

sql injection vulnerability wordpress community events plugin cve-2015-3313 nvd