The Simple Events Calendar WordPress plugin up to and including 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simple events calendar project simple events calendar |