10 matches found
EUVD-2021-11465
Malware in sbrugna...
CVE-2021-24553
The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin...
CVE-2021-24553
The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin...
CVE-2021-24553
The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin...
CVE-2021-24553 Timeline Calendar <= 1.2 - Authenticated (admin+) SQL Injection
The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin...
CVE-2021-24553
The CVE-2021-24553 entry concerns the Timeline Calendar WordPress plugin (versions up to 1.2). The underlying issue is an authenticated SQL injection caused by not sanitising, validating, or escaping the edit GET parameter before it is used in a SQL statement when editing events; multiple SQL inj...
WordPress Plugin Timeline Calendar SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. Wordpress Plugin Timeline Calendar A SQL...
Timeline Calendar <= 1.2 - Authenticated (admin+) SQL Injection
The plugin does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin GET...
Timeline Calendar <= 1.2 - Authenticated (admin+) SQL Injection
The plugin does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin PoC GET...
WordPress Timeline Calendar plugin <= 1.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Timeline Calendar plugin versions <= 1.2. Solution: This plugin has been closed as of June 3, 2021 and is not available for download. Reason: Security Issue...