CVE-2023-52142

2024-01-0821:15:09

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-52142

improper neutralization of special elements

sql command

cool plugins

events shortcodes

the events calendar

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1.

Affected configurations

Nvd

Node

coolpluginsevents_shortcodes_for_the_events_calendarRange≤2.3.1wordpress

VendorProductVersionCPE
coolpluginsevents_shortcodes_for_the_events_calendar*cpe:2.3:a:coolplugins:events_shortcodes_for_the_events_calendar:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
coolplugins	events_shortcodes_for_the_events_calendar	*	cpe:2.3:a:coolplugins:events_shortcodes_for_the_events_calendar::::::wordpress::*

References

patchstack.com/database/vulnerability/template-events-calendar/wordpress-events-shortcodes-for-the-events-calendar-plugin-2-3-1-sql-injection-vulnerability?_s_id=cve