WordPress Plugin Vulnerabilities

WP-Cal 0.3 - editevent.php SQL Injection

Description

The wp-cal WordPress plugin was affected by an editevent.php SQL Injection security vulnerability.

Affects Plugins

Plugin icon
wp-cal
No known fix

References

CVE
CVE-2008-0490
Exploitdb
4992

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Verified
No
WPVDB ID
c2cc9469-5021-40c1-a4a8-352171c78e46

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-11-28 (about 6 years ago)

Other

Published
Title
Published
2022-12-02
Title
Plugin Logic < 1.0.8 - Admin+ SQLi
Published
2025-06-25
Title
Owl carousel responsive <= 1.9 - Authenticated (Contributor+) SQL Injection via id Parameter
Published
2020-11-25
Title
WPJobBoard < 5.7.0 - Unauthenticated SQL Injection
Published
2021-05-27
Title
Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection
Published
2014-08-01
Title
WP Forum Server 1.6.5 - feed.php topic Parameter SQL Injection