CVE-2014-8586

CP Multi View Event Calendar - SQL Injection

Title source: rule

Description

SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.

Exploits (2)

exploitdb WORKING POC
by Claudio Viviani · textwebappsphp
https://www.exploit-db.com/exploits/35073
metasploit SCANNER
by Joaquin Ramirez Martinez, bperry · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wordpress_cp_calendar_sqli.rb

References (5)

Scores

EPSS 0.7802
EPSS Percentile 99.0%

Details

CWE
CWE-89
Status published
Products (1)
cp_multi_view_event_calendar_project/cp_multi_view_event_calendar 1.0.1
Published Nov 04, 2014
Tracked Since Feb 18, 2026