Security for everyone

CVE-2023-6360 Scanner

Detects 'SQL Injection (SQLi)' vulnerability in My Calendar plugin for WordPress affects v. before 3.4.22.

SCAN NOW

Short Info


Level

Critical

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

CVE-2023-6360 Scanner Detail

Vulnerability Overview

CVE Identifier: CVE-2023-6360

Vulnerable Component: WordPress My Calendar plugin

Parameters Affected: 'from' and 'to' parameters in '/my-calendar/v1/events' REST route

Issue: Unauthenticated SQL Injection

Vulnerability Details

The vulnerability stems from a lack of proper sanitization of the 'from' and 'to' parameters within the '/my-calendar/v1/events' REST route. Attackers can exploit this oversight by crafting malicious requests that manipulate the SQL query, potentially leading to unauthorized database access, information disclosure, or database manipulation.

Possible Effects

An exploitation of this vulnerability could lead to significant impacts on an organization, including unauthorized access to sensitive data, manipulation of calendar events, and potentially compromising the entire WordPress site. It may also serve as a gateway for more sophisticated attacks against the website's users or infrastructure.

Why Choose SecurityForEveryone

SecurityForEveryone provides a user-friendly platform that simplifies the process of scanning for and understanding various vulnerabilities. By becoming a member, you gain access to a suite of tools designed to enhance your website's security posture. Our scanners are updated regularly to detect the latest vulnerabilities, ensuring your site remains protected against evolving threats. Join us to make cybersecurity accessible and manageable.

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture