SQL Injection Vulnerability in CP Multi View Event Calendar Plugin for WordPress
CVE-2014-8586

Currently unrated

Key Information:

Vendor: Wordpress
Status: Cp Multi View Event Calendar
Vendor: CVE Published:; 4 November 2014

Summary

An SQL injection vulnerability exists in version 1.01 of the CP Multi View Event Calendar plugin for WordPress. This flaw permits remote attackers to inject arbitrary SQL commands via the 'calid' parameter, potentially leading to unauthorized access to database information. The exploit can compromise sensitive data and may allow malicious users to manipulate the database. Users are urged to update their plugin and follow best security practices to mitigate potential risks.

References

http://www.securityfocus.com/bid/70718

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/97766

vdb-entryx_refsource_XF

http://osvdb.org/show/osvdb/113670

vdb-entryx_refsource_OSVDB

EPSS Score

78% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 4, 2014
Vulnerability Reserved
Nov 4, 2014