Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a...
8.8CVSS
8.8AI Score
0.004EPSS
The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the...
7.2CVSS
7.1AI Score
0.001EPSS