WordPress Plugin Vulnerabilities

Calendar by WD <= 1.5.51 - Authenticated Blind SQL Injection

Description

The SpiderCalendar WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
spider-event-calendar
Fixed in 1.5.52

References

CVE
CVE-2017-7719
URL
https://seclists.org/fulldisclosure/2017/Apr/43
URL
https://plugins.trac.wordpress.org/changeset/1632229/spider-event-calendar

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
3c6a671c-f7a8-4a40-a20a-4a4e5e85c5df

Timeline

Publicly Published
2017-04-10 (about 9 years ago)
Added
2017-04-10 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-10-10
Title
My Auctions Allegro Plugin < 3.6.32 - Authenticated (Admin+) SQL Injection
Published
2025-02-21
Title
All In Menu <= 1.1.5 - Authenticated (Subscriber+) SQL Injection
Published
2018-02-22
Title
Custom Permalinks <= 1.1 - Authenticated SQL Injection
Published
2023-10-21
Title
Advanced Local Pickup for WooCommerce < 1.6.0 - Authenticated (Administrator+) SQL Injection
Published
2025-01-06
Title
Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection