WordPress The Events Calendar Plugin security update advisory (CVE-2024-8275)

Sep 27 2024

Overview

An update has been released to address vulnerabilities in WordPress The Events Calendar Plugin. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-8275

The Events Calendar versions: ~ 6.6.4 (inclusive)

Resolved Vulnerabilities

SQL injection vulnerability via the ‘order’ parameter of the ‘tribe_has_next_event’ function due to insufficient escaping in user-supplied parameters and insufficient preparation for existing SQL queries (CVE-2024-8275)

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available with the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-8275

The Events Calendar version: 6.6.4.1

References

[1] The Events Calendar <= 6.6.4 – Unauthenticated SQL Injection

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/the-events-calendar/the-events-calendar-664-unauthenticated-sql-injection

WordPress The Events Calendar Plugin security update advisory (CVE-2024-8275)

Navidrome Security Update Advisory (CVE-2024-47062)

TeamViewer Product Security Update Advisory

Tags:

Navidrome Security Update Advisory (CVE-2024-47062)

TeamViewer Product Security Update Advisory