Critical severity9.8NVD Advisory· Published Apr 12, 2017· Updated May 13, 2026

CVE-2017-7719

Description

SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.

Affected products

Web Dorado/Spider Event Calendar
cpe:2.3:a:web-dorado:spider_event_calendar:*:*:*:*:*:*:*:*
Range: <=1.5.51

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.openwall.net/full-disclosure/2017/04/09/1nvdExploitMailing ListPatchThird Party Advisory
www.securityfocus.com/bid/97656nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000