Vulnerability Details CVE-2015-2196
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.047
EPSS Ranking 88.8%
CVSS Severity
CVSS v2 Score 7.5
Products affected by CVE-2015-2196
-
cpe:2.3:a:web-dorado:spider_calendar:1.4.9