ThreatPress

WordPress Vulnerabilities Database

WordPress Spider Event Calendar Plugin 1.3.0 - Multiple Vulnerabilities

Product
Spider Event Calendar
Description
Spider Event Calendar plugin is prone to multiple vulnerabilities:
1. Insufficient access check for AJAX operations in "calendar.php"
2. SQL Injection in "calendar.php" function "spider_calendar_quick_update"
3. SQL Injection in "calendar.php" function "spider_calendar_quick_edit"
4. SQL Injection in "calendar_functions.php" function "show_spider_calendar"
5. SQL Injection in "calendar_functions.php" function "show_spider_event"
6. SQL Injection in "calendar_functions.php" function "spider_calendar_published"
7. SQL Injection in "calendar_functions.php" function "add_spider_event"
8. SQL Injection in "calendar_functions.php" function "edit_spider_event"
9. SQL Injection in "calendar_functions.php" function "published_spider_event"
10. Stored XSS in Spider Calendar title
11. Stored XSS in Spider Calendar event title
12. Reflected XSS in "nav_function\nav_html_func.php"
13. Reflected XSS in "functions_for_xml_and_ajax.php"
14. Full Path Disclosure in multiple scripts
Solution
Update the plugin.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.3.0
Fixed In 1.3.1
Disclosure date
2013-05-26
Credits
waraxe