34 matches found
WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
WordPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can injec...
WordPress Spider Calendar <=1.4.9 - SQL Injection
WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...
EUVD-2015-2303
Malware in sbrugna...
EUVD-2017-16695
Malware in sbrugna...
CVE-2015-2196
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php...
WordPress Spider Event Calendar plugin <= 1.5.65 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress Spider Event Calendar plugin versions <= 1.5.65 by Krzysztof Zając. Solution: This plugin has been closed as of January 13, 2022 and is not available for download. This closure is permanent. Deactivate the plugin and delete it...
WordPress Spider Event Calendar SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on a server with PHP and MySQL. Spider Event Calendar is a highly configurable calendar plugin. A SQL injection vulnerability exist...
Calendar by WD <= 1.5.51 - Authenticated SQL injection
http://www.defensecode.com/advisories/DC-2017-01-017WordPressSpiderEventCalendarPluginAdvisory.pdf PoC Vulnerable POST URL: http://www.vulnerablesite.com/wpadmin/admin.php?page=SpiderCalendar=showmanageeventid=1 Vulnerable POST Body: searcheventsbytitle=a=2011-11-11=2017-11-...
CVE-2017-7719
SQL injection in the Spider Event Calendar aka spider-event-calendar plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php...
SQL injection
SQL injection in the Spider Event Calendar aka spider-event-calendar plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php...
CVE-2017-7719
CVE-2017-7719: SQL injection in the WordPress plugin Spider Event Calendar (aka spider-event-calendar) before 1.5.52. An attacker can abuse the order_by parameter in the files calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php, to execute arbitrary...
WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection
MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...
WordPress Spider Event Calendar 1.5.51 Plugin - Blind SQL Injection Vulnerability
Exploit for PHP platform in category web applications. MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...
WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection
MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score. I. VULNERABILITY...
WordPress Spider Event Calendar 1.5.51 Blind SQL Injection
MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score. I. VULNERABILITY...
WordPress Event Calendar (Spider Event Calendar) plugin <= 1.5.38 - Reflected Cross-Site Scripting (XSS) Vulnerability
A reflected Cross-Site Scripting (XSS) vulnerability was found in the WordPress Event Calendar (Spider Event Calendar) plugin, version 1.5.38. Solution: Update the plugin...
WordPress Spider Event Calendar Plugin SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Spider Event Calendar plugin version 1.5.51, which can be exploited by...
WordPress Spider Event Calendar Plugin - Multiple Vulnerabilities
This plugin is prone to security bypass, cross-site scripting and SQL injection vulnerabilities. Solution: Update the plugin...