SQL Injection Vulnerability in CP Multi View Event Calendar Plugin for WordPress
CVE-2014-8586

Currently unrated

Key Information:

Vendor

Wordpress
Status
Cp Multi View Event Calendar
Vendor
CVE Published:
4 November 2014

What is CVE-2014-8586?

An SQL injection vulnerability exists in version 1.01 of the CP Multi View Event Calendar plugin for WordPress. This flaw permits remote attackers to inject arbitrary SQL commands via the 'calid' parameter, potentially leading to unauthorized access to database information. The exploit can compromise sensitive data and may allow malicious users to manipulate the database. Users are urged to update their plugin and follow best security practices to mitigate potential risks.

References

http://www.securityfocus.com/bid/70718
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/97766
vdb-entryx_refsource_XF
http://osvdb.org/show/osvdb/113670
vdb-entryx_refsource_OSVDB

EPSS Score

78% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.