5 matches found
CVE-2021-24552
The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the eventid POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue...
CVE-2021-24552
The CVE-2021-24552 entry concerns the WordPress plugin Simple Events Calendar (versions
WordPress Plugin Simple Events Calendar SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the...
WordPress Simple Events Calendar plugin <=1.3.5 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Lenon Leite in WordPress Simple Events Calendar plugin versions <=1.3.5. Solution: 11/20/2017 - we were unable to find a patched version of this plugin...
Simple Events Calendar <= 1.3.5 - Authenticated SQL Injection
Type user access: administrator user. $_POST['eventid'] is not escaped. File / Code: Path Request: /wp-content/plugins/simple-events-calendar/simple-events-calendar.php Line: 467 $editevent = $_POST['eventid']; $update = $wpdb->get_results( " SELECT * FROM $tablename WHERE id = $editevent ", "ARRAY_A" ); PoC...