CVE-2023-6360
CVSS 3.1 Score 9.8 of 10 (high)
Attack Complexity low
Confidentiality high
Integrity high
Availability high
Scope unchanged
Privileges Required none
Details
Published Nov 30, 2023
Updated: Dec 6, 2023
CWE ID 89
Summary
CVE-2023-6360 is a newly disclosed vulnerability that puts WordPress sites using the 'My Calendar' plugin version below 3.4.22 at risk. Attackers can exploit unauthenticated SQL injection vulnerabilities in the '/my-calendar/v1/events' rest route by manipulating the 'from' and 'to' parameters. Successful exploitation could lead to unauthorized access, data theft, or even complete site takeover. Users are advised to update the plugin as soon as possible to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share