PT-2023-10012 · WordPress · Editorial Calendar Plugin

Published 2023-04-08 · Updated 2024-05-17 · CVE-2013-10023

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Editorial Calendar Plugin versions up to 2.6

Description

A critical issue has been found in the Editorial Calendar Plugin, affecting the function edcal_filter_where in the file edcal.php. Manipulating the arguments edcal_startDate and edcal_endDate leads to SQL injection. This issue can be exploited remotely. Upgrading to version 2.7 addresses this issue.

Recommendations

For Editorial Calendar Plugin versions up to 2.6, upgrade to version 2.7 to resolve the issue. As a temporary workaround, consider restricting the use of the edcal_filter_where function in the edcal.php file until the upgrade is applied.
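
For sites that carry their own code with date-range parameters like the two named in the description, the following added example shows the kind of check that keeps such values out of the SQL text. It is not the plugin's code and not the 2.7 fix. The `example_` function names, the YYYY-MM-DD input format and the constructed sample inputs are assumptions; `$wpdb->prepare()` is the WordPress API the `$prepare` callable stands for.

```php
<?php
// Added example. Names prefixed example_ are hypothetical, not from the plugin.

/** Return $raw if it is a real calendar date written exactly as YYYY-MM-DD, else null. */
function example_parse_ymd($raw): ?string
{
    // \A and \z anchor the whole string; a trailing newline or extra text fails.
    if (!is_string($raw) || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // createFromFormat rolls 2013-02-31 over into March; the round trip rejects it.
    if ($date === false || $date->format('Y-m-d') !== $raw) {
        return null;
    }
    return $raw;
}

/**
 * Build the date-range fragment of a WHERE clause, or null if either bound is invalid.
 * $prepare has the shape of $wpdb->prepare($query, ...$args): values are bound to
 * %s placeholders instead of being concatenated into the query string.
 */
function example_date_range_where(callable $prepare, $start, $end): ?string
{
    $start = example_parse_ymd($start);
    $end   = example_parse_ymd($end);
    if ($start === null || $end === null || strcmp($start, $end) > 0) {
        return null; // caller skips the filter or returns an error
    }
    return $prepare(' AND post_date >= %s AND post_date < %s', $start, $end);
}

// Demo stand-in for $wpdb->prepare so the example runs outside WordPress:
// it only shows the query template and the values that would be bound.
$show = fn(string $q, ...$args) => $q . '  [bound: ' . json_encode($args) . ']';

// Constructed sample inputs: one valid range and three that must be rejected.
$samples = [
    ['2013-01-01', '2013-02-01'],
    ["2013-01-01' --", '2013-02-01'],
    ['2013-02-31', '2013-03-01'],
    ['2013-03-01', '2013-01-01'],
];
foreach ($samples as [$s, $e]) {
    $where = example_date_range_where($show, $s, $e);
    echo json_encode([$s, $e]), ' => ', $where ?? 'rejected', PHP_EOL;
}
```

Inside WordPress the first argument would be `[$wpdb, 'prepare']`. Validation and placeholder binding are used together so that a gap in one does not put request data into the query text.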

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2013-10023

Affected Products

Editorial Calendar Plugin