CVE-2024-39638: WordPress Registrations for the Events Calendar plugin <= 2.12.2 - SQL Injection vulnerability
First published: Thu Aug 29 2024(Updated: )
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| The Events Calendar | <2.12.3 |
Remedy
Update to 2.12.3 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39638?
The severity of CVE-2024-39638 is considered high due to its potential for SQL Injection exploitation.
How do I fix CVE-2024-39638?
To fix CVE-2024-39638, update the Roundup WP Registrations for the Events Calendar plugin to version 2.12.3 or later.
Which versions of Registrations for the Events Calendar are affected by CVE-2024-39638?
CVE-2024-39638 affects all versions of Registrations for the Events Calendar from n/a through 2.12.2.
What is the impact of CVE-2024-39638?
The impact of CVE-2024-39638 can allow attackers to execute arbitrary SQL queries within the database.
Who is vulnerable to CVE-2024-39638?
Users of the Roundup WP Registrations for the Events Calendar plugin prior to version 2.12.3 are vulnerable to CVE-2024-39638.
- agent/weakness
- agent/title
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/roundupwp
- canonical/the events calendar