VYPR

Spider Calendar

by Web Dorado

CVEs (2)

  • CVE-2017-7719CriApr 12, 2017
    risk 0.64cvss 9.8epss 0.02

    SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.

  • CVE-2015-2196Mar 3, 2015
    risk 0.04cvss epss 0.11

    SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.