Lucene search
Dimitrios TsagkarakisPATCHSTACK:295A57C479F881DC89D8C521D5A19005HistoryJun 04, 2017 - 12:00 a.m.
WordPress Event List plugin <=0.7.8 - SQL Injection vulnerability
2017-06-0400:00:00
Dimitrios Tsagkarakis
patchstack.com
6
0.001 Low
EPSS
Percentile
46.8%
WordPress Event List plugin <=0.7.8 vulnerable to SQL injection. Vulnerability allows an authenticated user to execute arbitrary SQL commands via the “id” parameter to “wp-admin/admin.php”
Solution
WordPress Event List plugin removed from WordPress.org plugin repository, please deactivate the plugin for security reasons.
Update: fixed version 0.7.9 available on WordPress.org plugin repository. Please update as soon as possible.
| CPE | Name | Operator | Version |
|---|---|---|---|
| event list | le | 0.7.8 |
Related
packetstorm
packetstorm
WordPress Event List 0.7.8 SQL Injection
2017-06-13 00:00:00
nvd
nvd
CVE-2017-9429
2017-06-13 18:29:00
cve
cve
CVE-2017-9429
2017-06-13 18:29:00
exploitpack
exploitpack
WordPress Plugin Event List 0.7.8 - SQL Injection
2017-06-04 00:00:00
zdt
zdt
WordPress Event List Plugin <= 0.7.8 - SQL Injection Vulnerability
2017-06-14 00:00:00
wpvulndb
wpvulndb
Event List <= 0.7.8 - Authenticated SQL Injection
2017-06-04 00:00:00
prion
prion
Sql injection
2017-06-13 18:29:00
cvelist
cvelist
CVE-2017-9429
2017-06-13 18:00:00
exploitdb
exploitdb
WordPress Plugin Event List < 0.7.8 - SQL Injection
2017-06-04 00:00:00