3 matches found
CVE-2024-2831 Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode
The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-2831
The CVE-2024-2831 vulnerability affects the WordPress Calendar plugin (Calendar) and is an SQL Injection via shortcode where user-supplied input is concatenated directly into SQL without proper preparation. Connected Red Hat data confirms the same issue affecting Calendar on versions up to 1.3.14...
WordPress Calendar Plugin <= 1.3.14 is vulnerable to SQL Injection
Software Calendar Type Plugin Vulnerable versions = 1.3.14 Fixed in 1.3.15 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2831 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 8a403f3f03cd Credits Krzysztof Zając Required privilege Contributor Publishe...