CVE-2023-52142

2024-01-0821:15:09

CWE-89

[email protected]

web.nvd.nist.gov

cve

2023

52142

sql injection

cool plugins

events shortcodes

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1.

Affected configurations

Vulners

NVD

Node

cool_pluginsevents_shortcodes_for_the_events_calendarRange≤2.3.1

CPENameOperatorVersion
coolplugins:events_shortcodes_for_the_events_calendarcoolplugins events shortcodes for the events calendarle2.3.1

CPE	Name	Operator	Version
coolplugins:events_shortcodes_for_the_events_calendar	coolplugins events shortcodes for the events calendar	le	2.3.1

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "template-events-calendar",
    "product": "Events Shortcodes For The Events Calendar",
    "vendor": "Cool Plugins",
    "versions": [
      {
        "changes": [
          {
            "at": "2.3.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.3.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/template-events-calendar/wordpress-events-shortcodes-for-the-events-calendar-plugin-2-3-1-sql-injection-vulnerability?_s_id=cve