CVE-2023-52142

WordPress Events Shortcodes & Templates For The Events Calendar Plugin <= 2.3.1 is vulnerable to SQL Injection

CVSS 7.6 HIGHEPSS 0.5%CWE-89

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.6EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

08 ene 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Productos afectados

Cool Plugins · Events Shortcodes For The Events Calendar

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://patchstack.com/database/vulnerability/template-events-calendar/wordpress-events-shortcodes-for-the-events-calendar-plugin-2-3-1-sql-injection-vulnerability?_s_id=cve