CVE-2023-52142

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 8, 2024

Updated: Jan 12, 2024

CWE ID 89

Summary

CVE-2023-52142 is an SQL Injection vulnerability affecting the Events Shortcodes For The Events Calendar plugin. The flaw, which occurs from version n/a through 2.3.1, arises due to improper neutralization of special elements used in SQL commands. An attacker can exploit this issue to inject malicious SQL commands and potentially gain unauthorized access to sensitive data or execute arbitrary code on the affected system. It is strongly recommended that users upgrade to the latest version of the plugin to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t9LptK
https://www.cve.org/CVERecord?id=CVE-2023-52142
https://nvd.nist.gov/vuln/detail/CVE-2023-52142

Back to Vulnerability Database

CVE-2023-52142

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations