CVE-2014-8586
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 40%
from disclosure to weapon0 days
Published on NVDNov 4
1st PoCOct 27
metasploit+119d
exploitation probability
40%top 2% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/128814/WordPress-CP-Multi-View-Event-Calendar-1.01-SQL-Injection.htmlunverifiedcve_referencewww.exploit-db.com/exploits/35073unverifiedexploitdbwww.exploit-db.com/exploits/35073unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.