Unrated severityNVD Advisory· Published Aug 23, 2021· Updated Aug 3, 2024

Simple Events Calendar <= 1.4.0 - Authenticated (admin+) SQL Injection

CVE-2021-24552

Description

The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Simple Events Calendardescription
WordPress/Simple Events Calendarllm-create
Range: <=1.4.0

Patches

Vulnerability mechanics

References

codevigilant.com/disclosure/2021/wp-plugin-simple-events-calendar/mitrex_refsource_MISC
wpscan.com/vulnerability/3482a015-a5ed-4913-b516-9eae2b3f89dbmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000