CVE-2023-6360 Scanner
Detects the 'SQL Injection (SQLi)' vulnerability in the My Calendar plugin for WordPress, which affects versions before 3.4.22.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -
Vulnerability Overview
CVE Identifier: CVE-2023-6360
Vulnerable Component: WordPress My Calendar plugin
Parameters Affected: 'from' and 'to' parameters in '/my-calendar/v1/events' REST route
Issue: Unauthenticated SQL Injection
Vulnerability Details
The vulnerability stems from a lack of proper sanitization of the 'from' and 'to' parameters within the '/my-calendar/v1/events' REST route. Attackers can exploit this oversight by crafting malicious requests that manipulate the SQL query, potentially leading to unauthorized database access, information disclosure, or database manipulation.
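For triage on a site that ran a version before 3.4.22, the following added example (not S4E's scanner and not the plugin's code) scans web access logs for requests to this route whose 'from' or 'to' value is not a plain date. It assumes legitimate values use the YYYY-MM-DD form and that the route is reached through WordPress's /wp-json/ prefix or the rest_route query parameter; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ROUTE = "/my-calendar/v1/events"            # REST route named on this page
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")  # assumption: legitimate values are YYYY-MM-DD
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Jan/2024:10:00:01 +0000] "GET /wp-json/my-calendar/v1/events?from=2024-01-01&to=2024-01-31 HTTP/1.1" 200 512
198.51.100.9 - - [02/Jan/2024:10:00:05 +0000] "GET /wp-json/my-calendar/v1/events?from=2024-01-01%27x&to=2024-01-31 HTTP/1.1" 200 87
203.0.113.4 - - [02/Jan/2024:10:00:09 +0000] "GET /?rest_route=/my-calendar/v1/events&to=not%20a%20date HTTP/1.1" 500 0
203.0.113.4 - - [02/Jan/2024:10:00:12 +0000] "GET /wp-json/wp/v2/posts?from=abc HTTP/1.1" 200 900
"""

def hits_route(url):
    """Return (True/False, decoded query dict) for a logged request target."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    via_path = parts.path.rstrip("/").endswith(ROUTE)
    via_query = any(v.rstrip("/") == ROUTE for v in query.get("rest_route", []))
    return (via_path or via_query), query

def suspicious_requests(log_text):
    """List (line number, parameter, decoded value) for non-date from/to values."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        on_route, query = hits_route(m.group(1))
        if not on_route:
            continue
        for name in ("from", "to"):
            for value in query.get(name, []):
                if not DATE_RE.fullmatch(value):
                    findings.append((lineno, name, value))
    return findings

if __name__ == "__main__":
    for lineno, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: {name}={value!r} is not a plain date")
```

Parameters sent in a POST body do not appear in standard access logs, so a clean result here does not rule out earlier abuse.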
Possible Effects
Exploitation of this vulnerability could have a significant impact on an organization, including unauthorized access to sensitive data, manipulation of calendar events, and potentially compromise of the entire WordPress site. It may also serve as a gateway for more sophisticated attacks against the website's users or infrastructure.