CVE-2021-24553

CVE-2021-24553: Timeline Calendar <= 1.2 - Authenticated (admin+) SQL Injection

Vendor Unknown

Product Timeline Calendar

Weakness CWE-89 · SQLi

Published August 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Timeline Calendar WordPress plugin through 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin

Key dates

02Disclosure timeline

August 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24553

Related vulnerabilities

04Related CVE

CVE-2023-1578 SQL Injection in pimcore/pimcore CVE-2020-37112 GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection CVE-2026-42647 WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability CVE-2025-5575 PHPGurukul Dairy Farm Shop Management System add-product.php sql injection CVE-2025-15206 Campcodes Supplier Management System add_area.php sql injection