Exploit for WordPress My Calendar <3.4.22 - SQL Injection (CVE-2023-6360)

Description:

WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the ‘from’ and ‘to’ parameters of the ‘/my-calendar/v1/events’ REST route.

Nuclei Template

View the template here: CVE-2023-6360.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-6360.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-6360
https://www.joedolson.com/2023/11/my-calendar-3-4-22-security-release/
https://www.tenable.com/security/research/tra-2023-40
https://github.com/JoshuaMart/JoshuaMart
https://wordpress.org/plugins/my-calendar/