|
Description
|
|
A vulnerability has been discovered in the Spider Event Calendar plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "cat_id" parameter to wp-admin/admin-ajax.php (when "action" is set to "spiderbigcalendar_month") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is confirmed in version 1.4.9. Prior versions may also be affected.
|
