CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-14507

Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.079

EPSS Ranking 91.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://wpvulndb.com/vulnerabilities/8921
https://www.exploit-db.com/exploits/42794/
https://wpvulndb.com/vulnerabilities/8921
https://www.exploit-db.com/exploits/42794/

Products affected by CVE-2017-14507

Shindiristudio » Content Timeline » Version: 4.4.2

cpe:2.3:a:shindiristudio:content_timeline:4.4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14507

Products

Pricing

Contact Us