CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24553

The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 75.9%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

https://codevigilant.com/disclosure/2021/wp-plugin-timeline-calendar/
https://wpscan.com/vulnerability/14c75a00-a52b-430b-92da-5145e5aee30a
https://codevigilant.com/disclosure/2021/wp-plugin-timeline-calendar/
https://wpscan.com/vulnerability/14c75a00-a52b-430b-92da-5145e5aee30a

Products affected by CVE-2021-24553

Timeline Calendar Project » Timeline Calendar » Version: N/A

cpe:2.3:a:timeline_calendar_project:timeline_calendar:-
Timeline Calendar Project » Timeline Calendar » Version: 1.2

cpe:2.3:a:timeline_calendar_project:timeline_calendar:1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24553

Products

Pricing

Contact Us