Vulnerability Details CVE-2014-8586
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.78
EPSS Ranking 99.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/show/osvdb/113670
- http://packetstormsecurity.com/files/128814/WordPress-CP-Multi-View-Event-Calendar-1.01-SQL-Injection.html
- http://www.exploit-db.com/exploits/35073
- http://www.securityfocus.com/bid/70718
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97766
- http://osvdb.org/show/osvdb/113670
- http://packetstormsecurity.com/files/128814/WordPress-CP-Multi-View-Event-Calendar-1.01-SQL-Injection.html
- http://www.exploit-db.com/exploits/35073
- http://www.securityfocus.com/bid/70718
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97766
Products affected by CVE-2014-8586
-
cpe:2.3:a:cp_multi_view_event_calendar_project:cp_multi_view_event_calendar:1.0.1