Overview

A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The CWE definition for the vulnerability is CWE-89. The weakness was released 04/06/2023 as a9277f13781187daee760b4dfd052b1b68e101cc. It is possible to read the advisory at github.com. This vulnerability is known as CVE-2013-10023. The attack can be launched remotely. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1505 according to MITRE ATT&CK. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. Upgrading to version 2.7 is able to address this issue. The updated version is ready for download at github.com. The patch is named a9277f13781187daee760b4dfd052b1b68e101cc. The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation has been published before and not just after the disclosure of the vulnerability. [Details]

IOB - Indicator of Behavior (796)

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (1)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.