WordPress Plugin Vulnerabilities

Community Events < 1.4 - SQL Injection

Description

The Community Events WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
community-events
Fixed in 1.4

References

CVE
CVE-2015-3313
Exploitdb
36805
URL
https://packetstormsecurity.com/files/#131530/
URL
https://plugins.trac.wordpress.org/changeset/1133247/community-events
URL
https://web.archive.org/web/20181021204353/https://permalink.gmane.org/gmane.comp.security.oss.general/17650

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
985a4095-cdb9-4f30-b72c-a969914fc0fd

Timeline

Publicly Published
2015-04-14 (about 11 years ago)
Added
2015-04-14 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-08-08
Title
MapSVG < 8.7.4 - Unauthenticated SQL Injection
Published
2023-10-30
Title
Image vertical reel scroll slideshow < 9.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
Published
2025-07-10
Title
WPGYM - Wordpress Gym Management System < 67.8.0 - Unauthenticated SQL Injection
Published
2025-02-18
Title
Pollin <= 1.01.1 - Authenticated (Admin+) SQL Injection
Published
2021-10-07
Title
Unlimited PopUps <= 4.5.3 - Author+ SQL Injection