SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin prior to 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
web-dorado spider event calendar |