CVE-2021-24553

Name of the Vulnerable Software and Affected Versions Timeline Calendar WordPress plugin versions 1.2 and earlier

Description The issue is related to an authenticated SQL injection problem. It occurs because the edit GET parameter is not properly sanitised, validated, or escaped before being used in a SQL statement when editing events. Additionally, other SQL injection issues are present in the plugin.

Recommendations For Timeline Calendar WordPress plugin versions 1.2 and earlier, consider disabling the editing functionality for events until a patch is available to prevent exploitation of the SQL injection issue. Restrict access to the plugin's event editing feature to minimize the risk of authenticated SQL injection attacks. Avoid using the edit parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.